We have a production environment that is pretty heavily stressed, to the point that some connect requests are dropped. We've pushed the connection backlog up to 100 but are still seeing some issues with dropped connections (100 is well in excess of what we think could be happening due to the configuration).
What I would like to do is get a large Wireshark capture and then set up one or more machines that could play that capture back so that we could replicate the situation in a non-production environment. Right now we cannot seem to reproduce this problem at all and I was thinking if we could use multiple machines in our lab to test with real production data, we might be able to "replay" the packet capture.
Problem is that right now I don't have time to write the playback tool, so I'm hoping someone knows of a tool that is already out there that will deal with playback and the bits and pieces of the packets that would have to be changed to deal with that (port #'s, etc.).
Wireshark isn't a requirement, just the first tool that comes to mind because they have it in the switch the machines are connected to.
Anyone know of anything that would allow network traffic simulation from a packet capture?
You didn't mention what kind of connections/traffic, so I'll assume HTTP for now.
The advantage of approaching this problem with a packet capture tool is that you don't need to understand the traffic pattern because it will EXACTLY duplicate the incoming network traffic that was recorded. The downside is that it will EXACTLY duplicate the incoming network traffic :( You've already grokked the fact that some of this stuff probably needs to be different - but figuring out what is what at the packet layer, and changing it, is going to be very difficult (depending on the type of traffic you need to model). The more complex the workload, the more difficult it will be to duplicate it. If it is a semi-sophisticated web app, you're facing a difficult challenge. What you need is a load testing tool.
If the load is primarily web traffic (HTTP), then you have lots of options. I'll offer our Load Tester LITE product, which is free and can generate massive amounts of load (despite the name) for relatively simple workloads.
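Whichever route is taken (replay or a load testing tool), the capture itself can show the connection-attempt rate the lab has to reproduce. The following is an added example, not part of either post: it reads a classic libpcap file and counts inbound TCP SYNs per second to one server port. It assumes Ethernet framing, unfragmented IPv4 and no VLAN tags; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def syn_rate_per_second(pcap_bytes, server_port):
    """Return Counter {capture_second: new-connection attempts to server_port}."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24              # records follow the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # need Ethernet+IPv4+TCP
            continue
        ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 14:     # protocol 6 = TCP
            continue
        tcp = frame[14 + ihl:]
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport == server_port and flags & 0x12 == 0x02:    # SYN set, ACK clear
            counts[ts_sec] += 1
    return counts

def peak_syn_rate(counts):
    """Highest number of connection attempts seen in any one second."""
    return max(counts.values(), default=0)

def build_sample_capture():
    """Constructed test capture: 3 SYNs at t=100, then 1 SYN, 1 ACK, 1 SYN-ACK at t=101."""
    def record(ts, sport, dport, flags):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
        frame = eth + ip + tcp
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(100, 40001, 80, 0x02), (100, 40002, 80, 0x02), (100, 40003, 80, 0x02),
               (101, 40004, 80, 0x02), (101, 40001, 80, 0x10), (101, 80, 40001, 0x12)]
    return header + b"".join(record(*p) for p in packets)

if __name__ == "__main__":
    counts = syn_rate_per_second(build_sample_capture(), 80)
    print(dict(counts), "peak:", peak_syn_rate(counts))
```

Running it over both the production capture and a capture taken in the lab gives per-second SYN counts that can be compared directly to see whether the lab load reproduces the production arrival pattern.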