IDS mailing list archives

Just released: tcpreplay 3.0 Beta 1


From: ADT <synfinatic () gmail com>
Date: Sun, 27 Feb 2005 16:06:04 -0800

Well, things have stabilized enough, I think, to start getting other
people's feedback on the new 3.0 branch to release 3.0 Beta 1.

For those of you not familiar with it, tcpreplay is a suite of BSD
licensed tools for *NIX operating systems (although there is a Win32 port)
which gives you the ability to use previously captured traffic in libpcap
format to test a variety of network devices. It allows you to classify traffic
as client or server, rewrite Layer 2, 3 and 4 headers and finally replay
the traffic back onto the network and through other devices such as
switches, routers, firewalls, NIDS and IPS's.

What's new you ask?  Well plenty...

The biggest change is all the packet editing code has been moved to a
new application called tcprewrite.  This should hopefully make things
simpler and easier to use, but definitely will improve replay speed.  As
a matter of fact, even if you're not editing packets, 3.0 should be
faster than 2.3.3.

The other big change is using GNU Autogen/Autoopts for processing the
command line and config files.  Also, since the man pages are built
directly from the code, they should always be accurate and up to date.
Note: flowreplay does not currently use Autoopts, so the man page is
inaccurate.  But since flowreplay is still in alpha and doesn't really
work, I'm not worrying about it too much. :)

Anyways, most of all the features from 2.3.3 should be working in this
Beta, but a few like bridge mode have been pulled for now.  If your
favorite feature isn't in Beta 1, drop me a line and I'll make sure it's
back in Beta 2.

I've worked on updating the FAQ and have started a real manual, but both
still need work to be complete and accurate.  The man pages are pretty
good though.  If you've got questions, please email the list.  If you
want to take a peek, it's all posted on the website.

Lastly, I'm asking for comments on whether or not tcpreplay should ship
with libnet and libpcap.  A lot of people it seems have problems linking
tcpreplay with libnet and libpcap (often because they have multiple
versions installed) or have problems with running an older version which
is less than ideal for tcpreplay.

The advantage of course is that these problems go away.  The
disadvantage is that the tarball will be bigger and compile time will
be longer too.  I'd rather not do this since it's just more work for me,
but I get enough questions about it where I'm open to the idea.

As always, get it here:
http://tcpreplay.sourceforge.net/
