Docker container to send traffic for dev/troubleshooting to another container in docker using TCPREPLAY⁠

tcpreplay is a great tool to modify and replay existing packets capture file (pcap) into the network Unfortunately, it doesn't support to send traffic to the same host.

In a Docker environment, it's easy to have a dedicated container to replay packets capture file. That's the goal of this project.

How to run

You can either :

• start the container in CLI mode and use tcpreplay from there
• execute tcpreplay directly at runtime Either way, you'll need to mount the local directory where your capture files are into the container.

Execute in CLI mode

docker run --rm -t -v $(pwd):/data -i dgarros/tcpreplay /sbin/my_init -- bash -l

Execute directly CLI mode with access to the host network

docker run --net host --rm -t -v $(pwd):/data -i dgarros/tcpreplay /sbin/my_init -- bash -l

Execute directly

docker run --rm -t -v $(pwd):/data -i dgarros/tcpreplay /usr/bin/tcpreplay --intf1=eth0 output.pcap

How to send traffic to another container using tcpreplay

In order to send traffic to another Container with tcpreplay, you need to modify your existing capture file with the target container IP and Mac address. tcpreplay come with a tool named tcprewrite to take care of that

Update IP and Mac addresses (you need to provide the previous dst IP)

tcprewrite --infile=input.pcap --outfile=output.pcap --dstipmap=<previous dest IP>:172.17.255.255 --enet-dmac=01:00:05:11:00:06 --fixcsum

Update destination port

tcprewrite --infile=input.pcap --outfile=output.pcap --portmap=50020:51020

Send traffic out at 100pps

tcpreplay --intf1=eth0  --pps=100 output.pcap

You can find some good information on :

• tcpreplay [http://xmodulo.com/how-to-capture-and-replay-network-traffic-on-linux.html]
• tcprewrite [http://tcpreplay.synfin.net/wiki/tcprewrite]