gitwtfhub

wtf is tcpcopy?

session-replay-tools/tcpcopy — explained in plain English

Analysis updated 2026-06-26

4,679CAudience · ops devopsComplexity · 4/5Setup · hard

TL;DR

A Linux tool that mirrors live production network traffic and replays it against a test server in real time, letting you test a new version of your app under realistic conditions without exposing real users to it. Does not support SSL/TLS.

Mindmap

mindmap
  root((tcpcopy))
    What it does
      Mirror live traffic
      Replay to test server
      Three-server setup
      No user impact
    Tech Stack
      C
      Linux kernel
      Raw packets
    Use Cases
      Stress testing
      Regression testing
      Cache pre-warming
      A/B performance
    Limitations
      No SSL TLS support
      May drop packets
      Root required

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Stress-test a new server version by replaying peak production traffic against it before going live.

REASON 2

Run regression tests using real-world request patterns instead of synthetic test data.

REASON 3

Pre-warm a new server's caches by mirroring production traffic onto it before switching traffic over.

REASON 4

Compare response times between two versions of an app side by side using identical live request streams.

What's in the stack?

CLinux

How it stacks up

session-replay-tools/tcpcopymicrosoft/procmon-for-linuxmicrosoft/msquic
Stars4,6794,6754,695
LanguageCCC
Setup difficultyhardmoderatehard
Complexity4/53/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · hard Time to first run · 1h+

Requires three servers, root or raw-packet network capability, and does not support SSL/TLS, HTTPS traffic cannot be mirrored.

License not stated in the explanation.

Wtf does this do

TCPCopy is a tool that copies live network traffic from a production server and replays it against a test or staging server. The problem it solves is realistic testing: synthetic test traffic rarely reflects the actual mix of requests, timing, and behavior that real users produce. By mirroring production traffic onto a separate server in real time, teams can observe how a new version of an application behaves under conditions that closely match what it will face once deployed. The setup involves three servers. The production server, where real users are currently making requests, runs the TCPCopy component. A separate target server, which might be running a new version of the application being tested, receives the copied requests. A third assistant server runs a companion component called intercept, which captures the responses the target server sends and relays just the header information back to TCPCopy. The target server's responses are routed to the assistant server rather than back to users, acting as a dead end so real users are unaffected. Common uses include stress testing by replaying high-traffic periods, regression testing to check that code changes have not broken anything, pre-warming a new server's caches before it goes live, and comparing performance between two versions of an application side by side. TCPCopy is written in C and runs on Linux with kernel version 2.6 or newer. It requires root permissions or a specific network capability to capture raw packets. The tool does not support SSL/TLS traffic and may drop some packets, which means some requests might not be replicated. It is widely used by companies in China according to the README. Installation follows a standard configure, make, make install sequence for both the tcpcopy and intercept components. Additional documentation covering architecture, usage examples, and pre-warming is linked from the README. The full README is longer than what was shown.

Yoink these prompts

Prompt 1
Walk me through setting up TCPCopy to mirror HTTP traffic from my production server to a staging server on Linux.
Prompt 2
How do I configure the intercept component so my test server's responses are captured and not sent back to real users?
Prompt 3
How do I use TCPCopy to replay a high-traffic period from production to stress-test a new server version?
Prompt 4
What are TCPCopy's limitations, specifically around SSL traffic, packet loss, and permissions?

Frequently asked questions

wtf is tcpcopy?

A Linux tool that mirrors live production network traffic and replays it against a test server in real time, letting you test a new version of your app under realistic conditions without exposing real users to it. Does not support SSL/TLS.

What language is tcpcopy written in?

Mainly C. The stack also includes C, Linux.

What license does tcpcopy use?

License not stated in the explanation.

How hard is tcpcopy to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is tcpcopy for?

Mainly ops devops.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.