Tool to create pcap file for any given file

Have a file and wish you had the same file inside a pcap, as an HTTP transaction, for your testing?

I have come up with a simple Python script which creates a pcap out of a file. No more capturing it with Wireshark or setting up 3 servers (client, server, sniffer) to generate the pcap. You just need a Linux machine with a single interface and a web server running on it. As simple as that.

Software Requirements:
1. Ubuntu(Linux) server
2. apache2 web server running on port 80
3. tcpreplay suite >= 3.4.4 (this includes tcpprep and tcprewrite)
4. tcpdump
5. wget
6. python 2.7 or greater (comes with Ubuntu by default)

Instruction to use:
1. Download the Python file and save it on your Linux server
2. Make sure all the above requirements are met and running
3. Log in as root
4. For help use the -h or --help option.
example: python --help -i -o --src_ip --dst_ip

Command line parameters:
-i = directory path where you have placed the files to convert to pcap
-o = path where the generated pcap is saved
--src_ip = IP address of the source you want in the pcap
--dst_ip = IP address of the endpoint (destination) you want in the pcap

full command looks like this:
root@ubuntu:/home/xyz# python -i /malware/raghav/input_file_dir/ -o /malware/raghav/output_pcap_dir/ --src_ip --dst_ip

Script output:

[Screenshots: running the script]

5. Once done, see the output pcap in the “pcap file output directory” you specified.
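A quick check of the generated pcap before it goes into a test run, as an added example that is not part of the original script: it parses a classic pcap with Ethernet link type and confirms that every IPv4 packet runs between the --src_ip and --dst_ip you passed, and that the SYN to port 80 comes from the source IP. The function names, the sample addresses and the two-packet sample capture are assumptions constructed for this example.

```python
import ipaddress
import struct

def pcap_endpoints(data):
    """Return (set of (src, dst) IPv4 pairs, source IP of the first SYN to port 80)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    pairs, client, off = set(), None, 24
    while off + 16 <= len(data):
        # Per-packet header: ts_sec, ts_usec, caplen, origlen (4 bytes each)
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not IPv4 over Ethernet
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        pairs.add((src, dst))
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the IP header (IHL words)
        if client is None and frame[23] == 6 and len(tcp) >= 14:
            dport = struct.unpack("!H", tcp[2:4])[0]
            if dport == 80 and (tcp[13] & 0x12) == 0x02:  # SYN set, ACK clear
                client = src
    return pairs, client

def check_pcap(data, src_ip, dst_ip):
    """True if every IPv4 packet is between the two IPs and src_ip opened the connection."""
    pairs, client = pcap_endpoints(data)
    return bool(pairs) and pairs <= {(src_ip, dst_ip), (dst_ip, src_ip)} and client == src_ip

def sample_pcap(src, dst):
    """Constructed capture (SYN, SYN-ACK; checksums left at zero) for offline checks."""
    def frame(s, d, sport, dport, flags):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
        pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + frame(src, dst, 40000, 80, 0x02) + frame(dst, src, 80, 40000, 0x12)

if __name__ == "__main__":
    print(check_pcap(sample_pcap("10.1.1.10", "10.1.1.20"), "10.1.1.10", "10.1.1.20"))
```

For a real file, pass `open(path, "rb").read()` as `data`; pcapng files and captures with a non-Ethernet link type are rejected with `ValueError`.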

Download Source code:

PS: You can modify the code to suit your requirements. If you want to generate a pcap with FTP, HTTPS or any other protocol, modify the wget part of the code under the create_pcap function and you are ready to go.

Let me know if it works for you guys…

Like to come up with simple solutions to complex issues encountered during testing security products/applications and to share my knowledge through blogs. Working as a technical leader in the network security domain.
