Creating a .PCAP file from a Suricata rule


I’ve got many Suricata rules I would like to test, and for each one of them I need a pcap that will trigger it.
So, based on the malware content/signature or any other parameter you could find in the rule, is there a way to generate a simple pcap file whose only goal is to cause an alert?

Thank you

There are several ways to create custom pcaps.

Here’s a simple Python program that starts an HTTP server — use tcpdump to capture the traffic:

import http.server
import socketserver

PORT = 8080
Handler = http.server.SimpleHTTPRequestHandler

with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("serving at port", PORT)
    # Block and handle requests; without this the server exits immediately
    httpd.serve_forever()

You can also use the Python library scapy to create packets for a pcap file.
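An added example, not part of the original reply: it builds a pcap directly from a rule's content match, using only Python's standard `struct` module instead of scapy so it has no dependencies. The rule, sid, addresses, ports, host name and function names are all constructed for illustration.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both IPv4 and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """One Ethernet/IPv4/TCP frame with valid checksums."""
    sip, dip = (bytes(map(int, a.split("."))) for a in (src, dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = sip + dip + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0, sip, dip)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # constructed MACs, IPv4
    return eth + ip + tcp + payload

def http_flow(request, cli="192.0.2.10", srv="198.51.100.20", sport=40000, dport=80):
    """Handshake, one client request, server ACK: enough for flow:established."""
    SYN, ACK, PSH = 0x02, 0x10, 0x08
    c, s = 1000, 5000  # constructed initial sequence numbers
    return [
        frame(cli, srv, sport, dport, c, 0, SYN),
        frame(srv, cli, dport, sport, s, c + 1, SYN | ACK),
        frame(cli, srv, sport, dport, c + 1, s + 1, ACK),
        frame(cli, srv, sport, dport, c + 1, s + 1, PSH | ACK, request),
        frame(srv, cli, dport, sport, s + 1, c + 1 + len(request), ACK),
    ]

def pcap_bytes(frames, ts=1700000000):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts, i * 1000, len(f), len(f)) + f
    return out

# Constructed rule this capture targets (write it on one line in test.rules):
# alert http any any -> any any (msg:"TEST uri marker"; flow:established,to_server;
#   http.uri; content:"/rule-test-marker"; sid:1000001; rev:1;)
REQUEST = b"GET /rule-test-marker HTTP/1.1\r\nHost: test.example\r\n\r\n"

if __name__ == "__main__":
    with open("test.pcap", "wb") as fh:
        fh.write(pcap_bytes(http_flow(REQUEST)))
```

Replay the file offline with `suricata -r test.pcap -S test.rules -l out/` and look for the sid in the alert log. The checksums are valid, so the default checksum validation does not discard the packets.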