How to reproduce http traffic of a real site in another environment (e.g. VM)

linux http tcpdump network-traffic tcpreplay

There is a bug in my web application which I cannot reproduce. All the logs look ok or at least I cannot see anything unusual. But it happens. So I thought I could record all the traffic to/from my web site waiting for the bug to happen and having that, replay it somehow in my testing environment. And it did happen! So I have the data captured by this:

tcpdump -s 1514 -X tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) -Z root -C 20 -W 1000 -w capture.cap

and I don't know what can I do with it. I have a virtual machine running the same version of the web app and I'd like to replay the recorded data in it. How should I approach this?

[EDIT]

I tried doing this with tcpreplay following this example but my web server has not logged any traffic.

My testing machine (Fedora 8) runs in VMWare Player. Assuming that the IP of the machine is 192.168.41.128 and it has one network interface: eth0 (except loopback) - how the steps #2 and #3 from the example should look like in my case? Should I run it on the same machine or from another one?


Solution 1:

You have a few options, all of them cool and none of them drop-in products. Some assembly required.

  • There's the PERL application Sprocket to be able to replay web traffic. Here's the raw PERL.
  • There's TCPReplay.
  • If you use a Varnish server, you can use varnishreplay.
  • There's also a tool called "PReplay" that is for Windows machines.
  • JWireReplay will replay tcpdump captures.

What you will likely want to do is forget the logs you've already inspected, or at least abandon any desire to replay those files. Set up one of these systems and use it in a controlled manner to test out your traffic.

Solution 2:

You can use tcptrace to convert the pcap file into separate requests which can then be replayed using netcat. Here is an example:

tcpdump -s 0 port http -i en0 -w dump.pcap
tcptrace -e dump.pcap
cat *.dat | nc -v <IP_OF_YOUR_TEST_HOST>

The second step might create too many files for * to work correctly. In this case, use a for loop for the third command:

for file in $(ls | grep .dat); do cat $file | nc -v <IP_OF_YOUR_TEST_HOST>; done

Note that this might be slower than your original traffic.

Solution 3:

GoReplay is designed for capturing production traffic and replaying that in test environments. See https://goreplay.org/ or https://github.com/buger/goreplay/wiki for more information.

Related

The benefits of using statsd?
Control SSL Cipher Priority/Order for Tomcat to avoid BEAST attack
System Claims to be Rebooting without Shutdown Running
What are some ways to prevent user cron jobs from crushing the servers?
How to call a puppet filetemplate twice with different parameters without using define?
Run application as root without sudo
How to start a rake task using upstart
Is there a way to control two instantiated systemd services as a single unit?
Installing IIS on Win Server 2003 without the installation CD?
tuning linux cache settings for inode caching
How to serve a wget --mirror'ed directory of files with questionmarks in them
Windows Update not working on Windows Server 2008 R2