Hello,
I’ve got many suricata rules I would like to test and for each one of them, I need a pcap that will trigger them.
So based on the malware content/signature or any other parameter you could find in the rule, is there a way to generate a simple pcap file which Its only goal is to cause an alert ?
Thank you
There are several ways to create custom pcaps.
Here’s a simple Python program that starts an HTTP server — use tcpdump to capture the traffic:
import http.server
import socketserver
PORT = 8080
Handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
print("serving at port", PORT)
httpd.serve_forever()
You can also use the Python library scapy to create packets for a pcap file.