This handy utility takes any sort of input file and creates a pcap showing this file being downloaded from a remote web server, or the file being transferred via smtp/pop3/imap. The pcap is a full tcp stream from syn to fin and all the sequence numbers and checksums are all correct.
File2pcap now also supports quoted-mime encoding(experimental), additionally to the default mime(base64) encoding.
REPOST: File2pcap updated - now supports pop3/imap/smtp
I just posted the updated version 0.95 of file2pcap. The tool now also creates pcaps of files being transferred as email attachments via smtp/pop3/imap., besides the original functionality of creating pcaps showing a file being downloaded from an http server.
file2pcap - written by warlord / nologin.org
Takes a file as input and creates a pcap showing a client grabbing that file from a webserver or transferring it it by email(smtp/pop3/imap).
-m mode h - http / s - smtp / p - pop3 / i - imap [default: http]
-o outfile output filename
-p port[:port] specify source and/or destination port. -p 1234:80 will show a tcp connection from port 1234 to port 80
I had to release a bugfix here. Poison 1.5.4 had a minor change in how it determines its own source IP address. As a result that code broke when scanning hostnames, or ranges of hostnames. So while poison 1.5.3 would happily scan google.com/24, version 1.5.4 would not. This has now been fixed. Don't ask how this could have possibly evaded me.