
Low-Storage Capture and Loss-Recovery Stateful Replay of Real Flows

Advisor: 林盈達

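Abstract

Network products still run into many problems on real traffic that laboratory tests with simulated network traffic cannot find, and these problems can be found by testing with replayed real traffic. Because real traffic is generated by many real users, capturing it consumes storage quickly, so the capture period cannot be long, and capture loss affects the accuracy of replay. During replay, the valid state of the traffic must be tracked to cope with the reaction of the device under test to the traffic, and events must be reproducible quickly so that developers can debug or find the cause. This thesis therefore uses the (N, M, P) capture scheme, which for each connection captures only the first N bytes of the connection and the first M bytes of the remaining P packets, to save storage; it saves 87% of the storage space while retaining 99.74% of attack events. It also implements the SocketReplay replay tool. Loss-recovery replay tracks TCP streams so that capture loss lowers the number of triggered events proportionally rather than causing a sharp drop; stateful replay makes the device under test regard the traffic as real; and selective replay incrementally searches, stage by stage, for the few flows that cause an event, so that reproducing an attack or virus event requires picking only tens of connections out of thousands.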

Keywords

traffic replay; traffic capture; real traffic; testing; defects

Parallel Abstract

Model-based traffic generated in the laboratory might not trigger some device defects that are found only by replaying real traffic flows. However, capturing real flows might result in high storage cost and capture loss; the latter affects the accuracy of replay. Replay of real flows should be accurate and also stateful enough to adapt to the device's reaction. It should also reproduce a defect efficiently, to help developers identify the flows that trigger the defect. Therefore, this work first presents the (N, M, P) capture scheme, which captures N bytes of data per flow and M bytes of each of P packets after the N bytes. This scheme reduces storage cost by 87% while retaining 99.74% of attack traffic. Next, we develop a tool named SocketReplay with the mechanisms of loss recovery, stateful replay, and selective replay, which track TCP sequence numbers to identify capture loss, recover the incomplete flows, follow TCP/IP protocol behavior, and incrementally select flows to replay. Numerical results show that SocketReplay retains accuracy and statefulness in triggering device defects and can reduce the replayed flows from thousands to tens.

Parallel Keywords

traffic replay; traffic capture; real flows; testing; defects
