100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

What is a Replay Attack?

Learn what a replay attack is, how captured valid traffic gets resent, and defenses like nonces and timestamps.

mediumQ224 of 224 in Computer Networks Est. time: 5 minsLast updated:
Open Code Lab

Expected Interview Answer

A replay attack is when an attacker captures a legitimate, valid piece of network traffic — such as an authentication token or transaction request — and retransmits it later, unmodified, to trick a system into repeating the original action without needing to break any encryption.

Because the attacker never needs to decrypt or alter the captured data, a replay attack can succeed even against strongly encrypted traffic if the receiving system only checks that a message is well-formed and validly signed, not whether it has already been seen before. A classic example is capturing an encrypted login request or a signed 'transfer funds’ message and resending it later to log in again or repeat the transfer. Defenses rely on making each message unique and time-bound: nonces (single-use random values), sequence numbers, and timestamps let a receiver reject any message it has already processed or that has expired, which is exactly why TLS session establishment and protocols like Kerberos include these mechanisms. Without such protections, even a perfectly encrypted channel offers no guarantee that a captured message can’t simply be replayed to repeat an action.

  • Succeeds without ever breaking encryption, only capturing and resending traffic
  • Exploits systems that verify signatures/encryption but not message freshness
  • Countered with nonces, sequence numbers, and timestamps
  • Highlights why encryption alone is insufficient without freshness/integrity checks

AI Mentor Explanation

A replay attack is like someone recording the umpire’s exact radio call of 'that’s out, LBW' from a previous match and playing it back during a live game to make it sound like a real, current decision. The recording is a perfectly genuine, unaltered call, but replaying it out of context makes it falsely trigger an action in the present game. This is exactly how a replay attack works: no forgery is needed, only a valid message reused at the wrong time.

Step-by-Step Explanation

  1. Step 1

    Capture traffic

    The attacker intercepts a legitimate, valid message such as an authentication token or signed request.

  2. Step 2

    Store unmodified

    The captured message is kept exactly as-is; the attacker never needs to decrypt or alter it.

  3. Step 3

    Retransmit later

    The attacker resends the identical message to the receiving system at a later time.

  4. Step 4

    Action repeats

    If the receiver only checks validity, not freshness, it processes the message again, repeating the original action.

What Interviewer Expects

  • Correct definition: resending a captured, valid message to repeat an action
  • Understands the attack succeeds without breaking encryption
  • Names concrete defenses: nonces, sequence numbers, timestamps
  • Gives a realistic example (auth token, signed transaction)

Common Mistakes

  • Assuming replay attacks require decrypting the captured traffic
  • Confusing a replay attack with a man-in-the-middle attack
  • Not naming any freshness mechanism (nonce, timestamp, sequence number) as a defense
  • Thinking HTTPS alone automatically prevents replay attacks

Best Answer (HR Friendly)

A replay attack is when someone captures a legitimate piece of network traffic, like a login request, and simply resends it later to trick the system into repeating that action, without ever needing to break the encryption. It works because some systems only check that a message looks valid, not whether it is fresh, which is why protections like one-time tokens and timestamps exist to stop a captured message from being reused.

Code Example

Rejecting replayed requests with a nonce and timestamp check
import time

seen_nonces = set()
MAX_AGE_SECONDS = 60

def verify_request(nonce, timestamp, signature, payload):
    # Reject if the message is too old
    if abs(time.time() - timestamp) > MAX_AGE_SECONDS:
        raise ValueError("Request expired, possible replay")

    # Reject if this exact nonce has already been used
    if nonce in seen_nonces:
        raise ValueError("Nonce already used, replay detected")

    if not signature_is_valid(signature, payload):
        raise ValueError("Invalid signature")

    seen_nonces.add(nonce)
    return True

Follow-up Questions

  • How do nonces prevent replay attacks?
  • Why is a timestamp alone sometimes insufficient to stop replay attacks?
  • How does TLS session establishment defend against replay attacks?
  • What is the difference between a replay attack and a man-in-the-middle attack?

MCQ Practice

1. What defines a replay attack?

A replay attack resends an already-valid, captured message exactly as-is to repeat its effect.

2. Which mechanism most directly prevents a replay attack?

Nonces and timestamps let a receiver detect and reject a previously seen or expired message.

3. Why can a replay attack succeed even against encrypted traffic?

Since the message is resent unmodified, the attacker doesn't need to break the encryption at all.

Flash Cards

What is a replay attack?Capturing a valid message and resending it later to repeat its original effect.

Does a replay attack require breaking encryption?No — the message is resent exactly as captured, unmodified.

Main defenses?Nonces (single-use values), sequence numbers, and timestamps that enforce freshness.

Example of a replay attack?Resending a captured, valid signed “transfer funds” request to repeat the transfer.

1 / 4

Continue Learning