You don't say what your device under test (DUT) is, but generally speaking tcpreplay works better for L2-L4 testing than L7.
Depending on your DUT, you may or may not need to split the traffic (tcpprep) so it sees it flowing bi-directionally at the physical level. If you're just sniffing traffic (like off a SPAN port, etc) then it doesn't matter which is good because a lot of public datasets are hard to split cleanly. -- Aaron Turner https://synfin.net/ Twitter: @synfinatic My father once told me that respect for the truth comes close to being the basis for all morality. "Something cannot emerge from nothing," he said. This is profound thinking if you understand how unstable "the truth" can be. -- Frank Herbert, Dune On Sun, Jan 12, 2020 at 8:50 PM esoteric escape <manip...@gmail.com> wrote: > > I have traces from Bigflow and CAIDA dataset in a .pcap. I studied the FAQ at > tcpreplay website and remapped the IP addresses and MAC addresses as well. I > can also run the tcpreplay utility. > > My problem is that I want to understand: > > - Do I really need listening servers at the receiving end of traffic? What's > the difference with if I simply send UDP and ICMP without them? Will it not > be a simulation because the traffic still travels on wire to the destination?- > > - Am I right to remap the ip addresses to destination or do I need to keep > everything in .pcap unchanged? > > It's a simulation of normal traffic to understand the traffic load in > topology and get statistics. > > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
