Tool to create pcap file for any given file

Have a file and wish you had the same file inside a pcap, carried in an HTTP transaction, for your testing?

I have come up with a simple Python script that creates a pcap out of a file. No more capturing it with Wireshark or setting up 3 servers (client, server, sniffer) to generate the pcap. You just need a Linux machine with a single interface and a web server running on it. As simple as that.

Software Requirements:
----------------------
1. Ubuntu (Linux) server
2. apache2 web server running on port 80
3. tcpreplay suite >= 3.4.4 (this will have tcpprep, tcprewrite) --> http://tcpreplay.synfin.net/zip-attachment/wiki/Download/
4. tcpdump --> http://www.tcpdump.org/#latest-release
5. wget --> http://ftp.gnu.org/gnu/wget/
6. python 2.7 or greater --> comes with Ubuntu by default

Instructions to use:
--------------------
1. Download the file_to_pcap.py Python file and save it on your Linux server
2. Make sure all the above requirements are met and running
3. Log in as root
4. For help use the -h or --help option.
example: python file_to_pcap.py --help
file_to_pcap.py -i -o --src_ip --dst_ip

Command line parameters:
-i = directory path where you have placed the files to convert to pcap
-o = path where the generated pcap is saved
--src_ip = IP address of the source you want in the pcap
--dst_ip = IP address of the endpoint (destination) you want in the pcap

The full command looks like this:
---------------------------------
root@ubuntu:/home/xyz# python file_to_pcap.py -i /malware/raghav/input_file_dir/ -o /malware/raghav/output_pcap_dir/ --src_ip 10.2.2.2 --dst_ip 10.2.2.4

Script output:
--------------

Running file_to_pcap.py script

5. Once done, see the output pcap under the “pcap file output directory” you specified.
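
To confirm that a generated pcap really carries the --src_ip and --dst_ip you asked for, the check below reads the capture and compares the addresses it finds. It is an added example, not part of file_to_pcap.py; it assumes a classic libpcap file with Ethernet framing, and the names pcap_endpoints, check_rewrite and build_sample are hypothetical.

```python
import socket
import struct
import sys

def pcap_endpoints(data):
    """Return the set of (src, dst) IPv4 address pairs seen in a classic pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"   # file written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    pairs, offset = set(), 24            # 24-byte global header
    while offset + 16 <= len(data):      # 16-byte per-packet record header
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # 14-byte Ethernet header, then IPv4 source at +12 and destination at +16
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            pairs.add((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])))
    return pairs

def check_rewrite(data, src_ip, dst_ip):
    """True when the capture holds only src<->dst traffic, in both directions."""
    return pcap_endpoints(data) == {(src_ip, dst_ip), (dst_ip, src_ip)}

def build_sample(src_ip, dst_ip):
    """Constructed two-packet capture (bare IPv4 headers) used as sample input."""
    def frame(a, b):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(a), socket.inet_aton(b))
        return b"\x00" * 12 + b"\x08\x00" + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(src_ip, dst_ip), frame(dst_ip, src_ip)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    if len(sys.argv) == 4:               # usage: script.py out.pcap SRC_IP DST_IP
        with open(sys.argv[1], "rb") as fh:
            print(check_rewrite(fh.read(), sys.argv[2], sys.argv[3]))
    else:                                # no arguments: run on the constructed sample
        print(check_rewrite(build_sample("10.2.2.2", "10.2.2.4"), "10.2.2.2", "10.2.2.4"))
```

A False result means the capture still contains other addresses (for example the web server's real one) or only one direction of the transaction.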

Download Source code:
---------------------
file_to_pcap.zip

PS: You can modify the code to suit your requirements. If you want to generate a pcap with FTP, HTTPS or any other protocol, modify the wget part of the code under the create_pcap function and you are ready to go.

Let me know if it works for you guys…

Like to come up with simple solutions to complex issues encountered during testing security products/applications and to share my knowledge thru blogs. Working as Technical leader in network security domain.
