disk2n
10 Gigabit network traffic re-player
disk2n is able to replay network traffic previously captured with n2disk on live networks observing the original inter-packet time. disk2n supports the industry standard PCAP file format (with both regular and nanosecond timestamps).
disk2n has been designed to replay multiple pcap files of any size (even terabytes of traffic) with limited memory usage. You can specify a playlist of pcap files or a timeline produced by n2disk with a time interval, and instruct disk2n to continue from the first packet when the last one is reached. It is possible to determine in advance the amount of memory used by disk2n: it uses a memory buffer of arbitrary size to cache the next packets to replay, achieving great transmit performances with limited memory usage.
disk2n can be effectively used to perform numerous activities, among these:
- Reproduce selected long-term network activities.
- Replay previously captured traffic to a different network interface.
- Generate traffic to test network equipments that no traffic generator can do being them usually limited in replay duration.
at a glance
Key Features
- Replay traffic from standard PCAP playlists (regular and nanoseconds)
- Line-rate at original rate packet replay
- Customizable inter-packet time to replay traffic at capture rate or at a user-defined rate
- Packet reforging to change source/destination MAC/IP/Port on the fly, recalculating checksum
- Multi-core support to fully leverage on multicore architectures
- Native support for PF_RING Zero-Copy (ZC) to accelerate packet transmission
- Direct-IO disk access to obtain maximum disk-read throughput
Ideal for Every Environment
Use Cases
Network Devices and IDS Testing
Data captured to PCAP with n2disk, can be replayed to simulate real-world traffic in lab environments. This is essential for testing security appliances, validating IDS/IPS systems, or stress-testing new deployments before they go live. Replay real-world or synthetic attack traffic to evaluate how well security appliances detect or block threats or to analyze malware command-and-control patterns or observe how malware behaves in a controlled environment.
Incident Reconstruction and Simulation
Reconstruct historical incidents to understand attacker behavior or data exfiltration patterns or replay real attacks in red team/blue team exercises to simulate realistic threat environments.