This comes up from time to time.
Noone has coded it yet and I dont know of anyone planning it.
There are difficulties in getting replay capture being useful.
Seriously, there are MAJOR difficulties in getting packet replay do anything
useful, i.e. have an
end result different from just running ping -f.
1, most interesting protocols use TCP as transport. TCP replay is completely
useless since
it has no other effect than introducing garbage packets on the network
causing network load/congestion. Thus ping -f is equally useful as a tcp
replay.
Unless one only replay layer-5 and above which has some even hairier issues.
I.e. TCP replay will never work in any product.
2, most of the remaining interesting protocols that do not use TCP have some
replay
prevention mechanism often based on NTP, or if they dont have replay
prevention mechanisms they at least usually have some state and session
concept implemented in the application layer.
Replay of these packets are useless as well and can be emulated again with
ping -f.
Unless one implements protocol by protocol specific layer-5 replayer. lots
and lots of work
and very very limited use.
I.e. it will not work.
3, what remains? replaying single DNS over UDP packets?
There are other products that can replay a capture file that can be used.
All of these suffer
from the same inherent limitations such as in 99.9% of all cases they would
be functionally equivalent with ping -f.
I myself see packet replay as completely useless in 99.9% of the cases and
dont have time to
implement something like it. Maybe someone else will?
----- Original Message -----
From: "Bill Arnold"
Sent: Thursday, August 15, 2002 2:23 PM
Subject: [Ethereal-users] Add to wish list
> I see that traffic generation was in the Wish list, but I wanted to add
> the option of "replaying a previously captured session." This would be
> very helpful in a lab where we have to duplicate problems and simulate
> production traffic.
>
