tcprewrite issue conversion of DLT

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcprewrite issue conversion of DLT

Actually, it's asking you for MAC addresses.  Cisco HDLC does not have
this information in the header and they are required for Ethernet.  In
your case, I recommend you just make them up- any valid MAC address
will work.

On Sun, Sep 12, 2010 at 4:58 AM, Vikas Sharma <vsharm <at> gmail.com> wrote:
> Dear Mr. Aaron Turner,
>
>
>
> My company is into security systems and had received a few CiscoHDLC pcap
> files (of 85 MBs each).
>
>
>
> Our software can only read only Ethernet packets and accordingly we tried to
> convert the CiscoHDLC pcap files into Ethernet (DLT) by using
>
>
>
> tcprewrite –dlt=enet --infile=input.pcap --outfile=output.pcap
>
>
>
> However the system (Ubuntu Lucid) asks for the source IP address and we are
> not able to provide that since that is not known to us (these are pcap files
> captured by an Endace DAG card on an OC3, STM line).
>
>
>
> Please suggest a way to convert CiscoHDLC pcap files into Ethernet pcap
> files.
>
>
>
> I have enclosed the protocol stack of the CiscoHDLC pcap file along with
> this email
>
> I await your response,
>
>
>
> Regards
>
>
>
> Vikas Sharma
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing
> http://p.sf.net/sfu/novell-sfdev2dev
>
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>

-- 
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcprewrite issue conversion of DLT

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcprewrite issue conversion of DLT

Per the documentation:
http://tcpreplay.synfin.net/wiki/tcprewrite#RewritingLayer2

tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
--infile=input.pcap --outfile=output.pcap

You need to specify both source and destination MAC since Cisco HDLC
has neither.

On Sun, Sep 12, 2010 at 12:51 PM, Vikas Sharma <vsharm <at> gmail.com> wrote:
> Dear Aaron,
>
> Referring to your prompt response, please clarify. Which MAC addresses (src
> / dst) ?
>
> Can you please give me an example command ?
>
> Regards
> Vikas
>
> On Sun, Sep 12, 2010 at 11:20 PM, Aaron Turner <synfinatic <at> gmail.com> wrote:
>>
>> Actually, it's asking you for MAC addresses.  Cisco HDLC does not have
>> this information in the header and they are required for Ethernet.  In
>> your case, I recommend you just make them up- any valid MAC address
>> will work.
>>
>> On Sun, Sep 12, 2010 at 4:58 AM, Vikas Sharma <vsharm <at> gmail.com> wrote:
>> > Dear Mr. Aaron Turner,
>> >
>> >
>> >
>> > My company is into security systems and had received a few CiscoHDLC
>> > pcap
>> > files (of 85 MBs each).
>> >
>> >
>> >
>> > Our software can only read only Ethernet packets and accordingly we
>> > tried to
>> > convert the CiscoHDLC pcap files into Ethernet (DLT) by using
>> >
>> >
>> >
>> > tcprewrite –dlt=enet --infile=input.pcap --outfile=output.pcap
>> >
>> >
>> >
>> > However the system (Ubuntu Lucid) asks for the source IP address and we
>> > are
>> > not able to provide that since that is not known to us (these are pcap
>> > files
>> > captured by an Endace DAG card on an OC3, STM line).
>> >
>> >
>> >
>> > Please suggest a way to convert CiscoHDLC pcap files into Ethernet pcap
>> > files.
>> >
>> >
>> >
>> > I have enclosed the protocol stack of the CiscoHDLC pcap file along with
>> > this email
>> >
>> > I await your response,
>> >
>> >
>> >
>> > Regards
>> >
>> >
>> >
>> > Vikas Sharma
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > Start uncovering the many advantages of virtual appliances
>> > and start using them to simplify application deployment and
>> > accelerate your shift to cloud computing
>> > http://p.sf.net/sfu/novell-sfdev2dev
>> >
>> > _______________________________________________
>> > Tcpreplay-users mailing list
>> > Tcpreplay-users <at> lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >
>>
>>
>>
>> --
>> Aaron Turner
>> http://synfin.net/         Twitter:  <at> synfinatic
>> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
>> Windows
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety.
>>     -- Benjamin Franklin
>> "carpe diem quam minimum credula postero"
>>
>>
>> ------------------------------------------------------------------------------
>> Start uncovering the many advantages of virtual appliances
>> and start using them to simplify application deployment and
>> accelerate your shift to cloud computing
>> http://p.sf.net/sfu/novell-sfdev2dev
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users <at> lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing
> http://p.sf.net/sfu/novell-sfdev2dev
>
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>

-- 
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcprewrite issue conversion of DLT

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcprewrite issue conversion of DLT

Yes, you need to do that.  I was just showing you an example of
specifying the source / destination MAC addresses.

I suggest after rewriting you open the pcap in Wireshark and take a
look at the packets to make sure it does what you expect and play
around with different options and see what they do.  Explore and try
things out.

On Sun, Sep 12, 2010 at 9:20 PM, Vikas Sharma <vsharm <at> gmail.com> wrote:
> Dear Aaron,
>
> we do not need to specify the DLT ?
>
> tcprewrite --dlt=enet --enet-dmac=00:55:22:AF:C6:37
> --enet-smac=00:44:66:FC:29:AF
> --infile=input.pcap --outfile=output.pcap
>
> Pleae clarify
>
> Regards
>
> Vikas Sharma
>
> On Mon, Sep 13, 2010 at 2:38 AM, Aaron Turner <synfinatic <at> gmail.com> wrote:
>>
>> Per the documentation:
>> http://tcpreplay.synfin.net/wiki/tcprewrite#RewritingLayer2
>>
>> tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
>> --infile=input.pcap --outfile=output.pcap
>>
>> You need to specify both source and destination MAC since Cisco HDLC
>> has neither.
>>
>> On Sun, Sep 12, 2010 at 12:51 PM, Vikas Sharma <vsharm <at> gmail.com> wrote:
>> > Dear Aaron,
>> >
>> > Referring to your prompt response, please clarify. Which MAC addresses
>> > (src
>> > / dst) ?
>> >
>> > Can you please give me an example command ?
>> >
>> > Regards
>> > Vikas
>> >
>> > On Sun, Sep 12, 2010 at 11:20 PM, Aaron Turner <synfinatic <at> gmail.com>
>> > wrote:
>> >>
>> >> Actually, it's asking you for MAC addresses.  Cisco HDLC does not have
>> >> this information in the header and they are required for Ethernet.  In
>> >> your case, I recommend you just make them up- any valid MAC address
>> >> will work.
>> >>
>> >> On Sun, Sep 12, 2010 at 4:58 AM, Vikas Sharma <vsharm <at> gmail.com> wrote:
>> >> > Dear Mr. Aaron Turner,
>> >> >
>> >> >
>> >> >
>> >> > My company is into security systems and had received a few CiscoHDLC
>> >> > pcap
>> >> > files (of 85 MBs each).
>> >> >
>> >> >
>> >> >
>> >> > Our software can only read only Ethernet packets and accordingly we
>> >> > tried to
>> >> > convert the CiscoHDLC pcap files into Ethernet (DLT) by using
>> >> >
>> >> >
>> >> >
>> >> > tcprewrite –dlt=enet --infile=input.pcap --outfile=output.pcap
>> >> >
>> >> >
>> >> >
>> >> > However the system (Ubuntu Lucid) asks for the source IP address and
>> >> > we
>> >> > are
>> >> > not able to provide that since that is not known to us (these are
>> >> > pcap
>> >> > files
>> >> > captured by an Endace DAG card on an OC3, STM line).
>> >> >
>> >> >
>> >> >
>> >> > Please suggest a way to convert CiscoHDLC pcap files into Ethernet
>> >> > pcap
>> >> > files.
>> >> >
>> >> >
>> >> >
>> >> > I have enclosed the protocol stack of the CiscoHDLC pcap file along
>> >> > with
>> >> > this email
>> >> >
>> >> > I await your response,
>> >> >
>> >> >
>> >> >
>> >> > Regards
>> >> >
>> >> >
>> >> >
>> >> > Vikas Sharma
>> >> >
>> >> >
>> >> >
>> >> > ------------------------------------------------------------------------------
>> >> > Start uncovering the many advantages of virtual appliances
>> >> > and start using them to simplify application deployment and
>> >> > accelerate your shift to cloud computing
>> >> > http://p.sf.net/sfu/novell-sfdev2dev
>> >> >
>> >> > _______________________________________________
>> >> > Tcpreplay-users mailing list
>> >> > Tcpreplay-users <at> lists.sourceforge.net
>> >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Aaron Turner
>> >> http://synfin.net/         Twitter:  <at> synfinatic
>> >> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
>> >> Windows
>> >> Those who would give up essential Liberty, to purchase a little
>> >> temporary
>> >> Safety, deserve neither Liberty nor Safety.
>> >>     -- Benjamin Franklin
>> >> "carpe diem quam minimum credula postero"
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Start uncovering the many advantages of virtual appliances
>> >> and start using them to simplify application deployment and
>> >> accelerate your shift to cloud computing
>> >> http://p.sf.net/sfu/novell-sfdev2dev
>> >> _______________________________________________
>> >> Tcpreplay-users mailing list
>> >> Tcpreplay-users <at> lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > Start uncovering the many advantages of virtual appliances
>> > and start using them to simplify application deployment and
>> > accelerate your shift to cloud computing
>> > http://p.sf.net/sfu/novell-sfdev2dev
>> >
>> > _______________________________________________
>> > Tcpreplay-users mailing list
>> > Tcpreplay-users <at> lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >
>>
>>
>>
>> --
>> Aaron Turner
>> http://synfin.net/         Twitter:  <at> synfinatic
>> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
>> Windows
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety.
>>     -- Benjamin Franklin
>> "carpe diem quam minimum credula postero"
>>
>>
>> ------------------------------------------------------------------------------
>> Start uncovering the many advantages of virtual appliances
>> and start using them to simplify application deployment and
>> accelerate your shift to cloud computing
>> http://p.sf.net/sfu/novell-sfdev2dev
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users <at> lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing
> http://p.sf.net/sfu/novell-sfdev2dev
>
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>

-- 
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

tcpreplay at 2.5 Gbit/sec?

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcpreplay at 2.5 Gbit/sec?

On Tue, Sep 14, 2010 at 12:51 PM, Wilburn, David M. <dwilburn <at> mitre.org> wrote:
> All,
>
>
>
> We're looking into high speed packet capture and analysis systems that can
> capture at up to 2.5 Gbit/sec. We'd like to perform a lab evaluation, but
> somewhat unsure on how to proceed. I don't believe that an artificial
> traffic generator would work, because we're very interested in how the
> evaluated products process and index application layer data from rebuilt
> sessions, and I suspect that rich content data would be missing from
> artificially generated traffic. So, I think that probably leaves us with
> replaying traffic of existing captures, and speeding up the replay as
> necessary to match the peak performance required. I looked through the Wiki
> and FAQ on tcpreplay's site, but I'm not sure if the tips there are complete
> or current. For instance, it referred to 1 Gbit Intel NICs, but I'll need 10
> Gbit NICs to achieve my performance requirements.
>
>
>
> Has anyone successfully used tcpreplay at ~2.5 Gbit/sec or higher rates? If
> so, could you please describe your hardware (e.g., 10 gig NICs, storage,
> CPU, and quantity of each), and any special OS or tcpreplay tweaks needed to
> achieve this? If this is really infeasible using tcpreplay, that'd also be
> good to know, along with any pointers towards any alternatives.

What kind of packets/sec are you looking at?  In general, tcpreplay
tends to be more limited in the number of packets then bandwidth,
since bandwidth is just a function of packets/sec * size of packet.
FWIW, I know people have done in excess of 400K pps and over 4 Gbps.

Ideally you'll want:

1. Enough RAM to cache the pcap in memory or a fast enough disk array
to keep up with your bandwidth requirements
2. 10Gbit card with drivers which are optimized for your OS and packet
size.  I'd stay with a recent Broadcom or Intel personally.
3. Fast enough PCI-e bus to handle the traffic.  Expect minimally a
33% overhead for advertised speeds.  4x should be enough in this case.

Unfortunately, people generally haven't been able/willing to give me
exact hardware/OS configurations, but you should be able to do the
math to figure out what should work.

-- 
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcpreplay at 2.5 Gbit/sec?

Thanks!  I haven't looked at the exact distribution of packet size in our potential data sets, but I figure
Simple IMIX's average packet size of 340.3 bytes plus 18 bytes of Ethernet header might be a good rule of
thumb.[1]  If my math is right, that'd be somewhere around 117 Kpps for 2.5 Gbps, right?

We'd probably want to replay several TB worth of captured data, so loading it into RAM is probably not a good
option.  Given that we want to test indexing of application layer content, I'm reluctant to loop a smaller
data set repeatedly.  That's probably going to mean reading from disk, probably a fibrechannel SAN that we
have available.

If anyone has more exact hardware specs or software tuning recommendations, I'd really appreciate it.  The
target OS would probably be some flavor of Linux 2.6.x.

Thanks,
Dave Wilburn

[1] http://tecun.cimex.com.cu/tecun/software/Soporte%20Tecnico%20de%20Redes/Cisco/Routers/OTROS/1MxdPktSzThroughput.pdf

________________________________________
From: Aaron Turner [synfinatic <at> gmail.com]
Sent: Tuesday, September 14, 2010 5:18 PM
To: Main forum for tcpreplay
Subject: Re: [Tcpreplay-users] tcpreplay at 2.5 Gbit/sec?

On Tue, Sep 14, 2010 at 12:51 PM, Wilburn, David M. <dwilburn <at> mitre.org> wrote:
> All,
>
>
>
> We're looking into high speed packet capture and analysis systems that can
> capture at up to 2.5 Gbit/sec. We'd like to perform a lab evaluation, but
> somewhat unsure on how to proceed. I don't believe that an artificial
> traffic generator would work, because we're very interested in how the
> evaluated products process and index application layer data from rebuilt
> sessions, and I suspect that rich content data would be missing from
> artificially generated traffic. So, I think that probably leaves us with
> replaying traffic of existing captures, and speeding up the replay as
> necessary to match the peak performance required. I looked through the Wiki
> and FAQ on tcpreplay's site, but I'm not sure if the tips there are complete
> or current. For instance, it referred to 1 Gbit Intel NICs, but I'll need 10
> Gbit NICs to achieve my performance requirements.
>
>
>
> Has anyone successfully used tcpreplay at ~2.5 Gbit/sec or higher rates? If
> so, could you please describe your hardware (e.g., 10 gig NICs, storage,
> CPU, and quantity of each), and any special OS or tcpreplay tweaks needed to
> achieve this? If this is really infeasible using tcpreplay, that'd also be
> good to know, along with any pointers towards any alternatives.

What kind of packets/sec are you looking at?  In general, tcpreplay
tends to be more limited in the number of packets then bandwidth,
since bandwidth is just a function of packets/sec * size of packet.
FWIW, I know people have done in excess of 400K pps and over 4 Gbps.

Ideally you'll want:

1. Enough RAM to cache the pcap in memory or a fast enough disk array
to keep up with your bandwidth requirements
2. 10Gbit card with drivers which are optimized for your OS and packet
size.  I'd stay with a recent Broadcom or Intel personally.
3. Fast enough PCI-e bus to handle the traffic.  Expect minimally a
33% overhead for advertised speeds.  4x should be enough in this case.

Unfortunately, people generally haven't been able/willing to give me
exact hardware/OS configurations, but you should be able to do the
math to figure out what should work.

--
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: tcpreplay at 2.5 Gbit/sec?

On Tue, Sep 14, 2010 at 2:42 PM, Wilburn, David M. <dwilburn <at> mitre.org> wrote:
> Thanks!  I haven't looked at the exact distribution of packet size in our potential data sets, but I
figure Simple IMIX's average packet size of 340.3 bytes plus 18 bytes of Ethernet header might be a good
rule of thumb.[1]  If my math is right, that'd be somewhere around 117 Kpps for 2.5 Gbps, right?
>
> We'd probably want to replay several TB worth of captured data, so loading it into RAM is probably not a good
option.  Given that we want to test indexing of application layer content, I'm reluctant to loop a
smaller data set repeatedly.  That's probably going to mean reading from disk, probably a fibrechannel
SAN that we have available.
>
> If anyone has more exact hardware specs or software tuning recommendations, I'd really appreciate it.
 The target OS would probably be some flavor of Linux 2.6.x.
>
> Thanks,
> Dave Wilburn
>
> [1] http://tecun.cimex.com.cu/tecun/software/Soporte%20Tecnico%20de%20Redes/Cisco/Routers/OTROS/1MxdPktSzThroughput.pdf

My MacBook Pro does over 100Kpps.  Shouldn't be a problem with any
decent hardware.  There is some Linux kernel specific tuning info in
the Tcpreplay wiki which I know about.  It's also worth researching
how to ensure read-ahead is enabled for your hard disk.    Since
you'll be using large pcap files, using a large block size for your
file system will help speed reads as well.

After that, run some benchmarks, using tools like iostat and whatnot
to diagnose bottlenecks and replace hardware from there.

-- 
Aaron Turner
http://synfin.net/         Twitter:  <at> synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support