Showing results for 
Search instead for 
Did you mean: 

Cisco WAAS: Using TCPReplay for Application Testing





The WAAS system consists of a set of devices called wide area application engines (WAEs) that work together to optimise TCP traffic over your network. If one WAE fails or experiences issues this reflects in overall system performance. Data replication applications are dependent on the IP network infrastructure for their performance. Wide Area Networks (WAN) introduce latency, packet loss, congestion and bandwidth limitations that impact data replication performance.


TCP Replay

TCPReplay is a tool designed to capture TCP based network traffic to a file. It is also designed to replay TCP traffic flow found within a previously-generated capture file between two nodes by acting on behalf of the nodes exchanging data in the capture file. For instance, a packet capture can be taken from a client running a specific application when accessing a specific server. This capture file can then be replayed between two network nodes using TCPReplay - one node will emulate the client and the other will emulate the server without having the client or server software installed on either host. In this way, the conversation will be "replayed", and if done with Cisco WAAS in the path between the communicating node, this will show with a fair degree of certainty the effectiveness of Cisco WAAS on that particular application.


TCPReplay relies on PCAP, an application programming interface (API) for packet capturing. The implementation of PCAP for Unixlike systems is known as libpcap, while the Windows port of libpcap is called WinPcap. With TCPReplay, traffic from a production application on a production network can be captured and replayed offline in a non-production environment using a different client and server. This helps to isolate the performance validation of Cisco WAAS from the production network while still providing accurate results. One does not need to reconstruct the application infrastructure in the captured network, as the two nodes replaying the network traffic will be simulating the client and server message exchanges.




WinPcap library 3.1 or later.


How To Install

To install TCPReplay follow these steps:


Step 1. Install WinPcap libraries (provided with the package) on both machines that will be involved in the replay. Make sure

to install them while logged on with an account with sufficient privileges. Note that WinPcap is commonly installed

when installing applications such as Wireshark or Ethereal for packet capturing.

Step 2. Copy the tcpreplay.exe file to a directory in the system path, such as C:WINDOWS or C:WINDOWS\SYSTEM32.

This needs to be done on both machines involved in the replay.


Steps for Executing TCPReplay

Follow these steps for analyzing traffic by running TCPReplay:


Step 1. Get the TCP dumps from the production network.

Step 2. Make sure that the TCP dumps contain the complete TCP Handshake.

Step 3. Get the Server and Client IP for which the complete TCP Handshake is captured.

Step 4. Also get the details of the applications / ports the client was connecting to server on.

Step 5. Download the TCPREPLAY.exe and place it in a folder under C;

Step 6. Make sure that the client PC and the Server has WinPCAP installed.

Step 7. Place the TCP dump from the customer in to the folder where TCPREPLAY.exe is placed.

Step 8. Make sure to clear the DRE and CIFS cache and statistics from both the branch and DC WAEs.

Step 9. Make sure that WCCP or the Inline interception is properly configured so that the traffic traverses both side WAEs.

Step 10. On the DC Server execute the following:


c:>tcpreplay -r -i EXAMPLE.pcap -l -r -b


where -r is to use the Replay Mode

      -i is to provide input from trace file

      -l is the local IP address in the trace (this should be server IP in the trace when run on the DC end)

      -r is the remote IP address in the trace to replay (this should be client IP in the trace when run on the DC end)

      -b is to bind the tcpreplay process to a specific IP Address specific after this switch.


After issuing the above commands the TCPREPLAY would use the input trace file and listen on the specified port on the bind IP.


Step 11. On the Branch Client execute the following: (the -l and -r IPs gets reversed when conpared to DC end)


c:>tcpreplay -r -i EXAMPLE.pcap -l -r -h


where -r is to use the Replay Mode

      -i is to provide input from trace file

      -l is the local IP address in the trace (this should be client IP in the trace when run on the Branch end)

      -r is the remote IP address in the trace to replay (this should be the server IP in the trace when run on Branch end)  

      -h is to mention the IP Address of the actual server in lab where the TCPREPLAY is listening on the emulated server port.


Once the TCPREPLAY process starts running on both sides, the client PC uses the input trace file and establishes connections with server using the same packet size and content as contained in the input trace file. The connection stats and the corresponding optimization can be checked on the WAEs and on CM as well.


Example Usage

To replay a capture file called "capture.cap".


1. Copy the "capture.cap" file to both client and server.


2. Start the server first:

./tcpreplay -r -i capture.cap -l -r


3. Start the client next:

./tcpreplay -r -i capture.cap -l -r -h


Important points to avoid errors

a). Make sure that the TCPREPLAY is bind to the proper IP Address on the server, else connection from client will fail.

b). The server natively should not have any ports open that are mentioned in the input trace file for the server else they will clash and will fail.

c). The input trace file should contain the complete TCP handshake else connection wouldn't get established through WAEs.


Related Information

Cisco WAAS: Basic Troubleshooting and Gathering Information

WCCP best practices for Cisco WAAS