Hello @Igor Volkov,
Referring to a previous note I made on this as zoldax on the old forum...
Don't install it on a production environment, but on a separate Linux VM to do your tests.
On your QRadar Community Edition or Linux CentOS distro you can get tcpreplay from the EPEL repo.
Just do:
[root@qradarCE ~]# yum --enablerepo=extras install epel-release
[root@qradarCE ~]# yum install tcpreplay
This will install tcpdump and tcpreplay on your Linux CentOS QRadar CE.
For information, EPEL (Extra Packages for Enterprise Linux) is an open source and free community-based repository project from the Fedora team. It is for RHEL, CentOS, and Scientific Linux.
The EPEL project is not a part of RHEL/CentOS, but it is designed for these Linux distributions, providing lots of open source packages for networking, sys admin, programming, monitoring and so on.
Most of the EPEL packages are maintained by the Fedora repo.
I published some complementary notes (data bank etc.) about tcpreplay some time ago; look at the answer: https://developer.ibm.com/answers/questions/446240/replay-network-flows-on-qradar-devtest-instance/
Hope this helps,
Regards,
Pascal (zoldax)
------------------------------
@zoldax
https://www.youracclaim.com/users/pascal-weber.029e134d/badges
------------------------------
Original Message:
Sent: Wed April 14, 2021 05:12 AM
From: Igor Volkov
Subject: QRadar and replaying traffic
Hello.
I try to run samples of traffic in QRadar via tcpreplay and get the following error message: ./startPcap.sh: line 8: tcpreplay: command not found
We have QRadar 7.4.2. Is tcpreplay available in QRadar 7.3.2/7.3.3?
Will installing tcpreplay affect the functionality of QRadar?
------------------------------
Igor Volkov
------------------------------