{"id":8985,"date":"2020-02-11T21:20:11","date_gmt":"2020-02-11T15:50:11","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=8985"},"modified":"2020-02-11T21:20:11","modified_gmt":"2020-02-11T15:50:11","slug":"re2pcap","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/re2pcap\/","title":{"rendered":"Re2Pcap : Create PCAP file From Raw HTTP Request Or Response In Seconds"},"content":{"rendered":"\n<p><strong>Re2Pcap<\/strong> is an abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP files with it and test them against <a href=\"https:\/\/snort.org\">Snort<\/a> rules.<\/p>\n\n\n\n<p>It allows you to quickly create a PCAP file for a raw HTTP request such as the one shown below:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">POST \/admin\/tools\/iplogging.cgi HTTP\/1.1<br>Host: 192.168.13.31:80<br>User-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:60.0) Gecko\/20100101 Firefox\/60.0<br>Accept: text\/plain, *\/*; q=0.01<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http:\/\/192.168.13.31:80\/admin\/tools\/iplogging.html<br>Content-Type: application\/x-www-form-urlencoded; charset=UTF-8<br>X-Requested-With: XMLHttpRequest<br>Content-Length: 63<br>Cookie: token=1e9c07e135a15e40b3290c320245ca9a<br>Connection: close<br><br>tcpdumpParams=tcpdump -z reboot -G 2 -i eth0&amp;stateRequest=start<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>git clone https:\/\/github.com\/Cisco-Talos\/Re2Pcap.git<br>cd Re2Pcap\/<br>docker build -t re2pcap .<br>docker run --rm --cap-add NET_ADMIN -p 5000:5000 re2pcap<\/strong><\/p>\n\n\n\n<p>OR<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color 
has-very-dark-gray-background-color\"><strong>docker run --rm --cap-add NET_ADMIN -p 5000:5000 --name re2pcap amitraut\/re2pcap<\/strong><\/p>\n\n\n\n<p>Open <code>localhost:5000<\/code> in your web browser to access it, or use the <a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap\/blob\/master\/Re2Pcap-cmd\">Re2Pcap-cmd<\/a> script to interact with the container and get the PCAP in the current working directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap#requirements\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Requirements<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Docker<\/li><li>HTTP Raw Request \/ Response<\/li><li>Web Browser (for best results, please use <strong><em>Chromium<\/em><\/strong> based web browsers)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap#advantages\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Advantages<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Easy setup. 
No complex multi-VM setup required<\/li><li>It runs on an Alpine Linux based Docker image that weighs less than 100 MB \ud83d\ude00<\/li><li>Allows you to dump a simulated raw HTTP request and response into a PCAP<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap#dockerfile\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Dockerfile<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>FROM alpine<\/strong><br><br><strong>#Get required dependencies and setup for Re2Pcap<\/strong><br>RUN echo &quot;http:\/\/dl-cdn.alpinelinux.org\/alpine\/edge\/testing&quot; &gt;&gt; \/etc\/apk\/repositories<br>RUN apk update &amp;&amp; apk add python3 tcpdump tcpreplay<br>RUN pip3 install --upgrade pip<br>RUN pip3 install pexpect flask requests httpretty requests-toolbelt<br><br>COPY Re2Pcap\/ \/Re2Pcap<br>RUN cd Re2Pcap &amp;&amp; chmod +x Re2Pcap.py<br><br>WORKDIR \/Re2Pcap<br>EXPOSE 5000\/tcp<br><br><strong>#Run application at start of new container<\/strong><br>CMD [&quot;\/usr\/bin\/python3&quot;, &quot;Re2Pcap.py&quot;]<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Walkthrough<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Video walkthrough of PCAP creation for Sierra Wireless AirLink ES450 ACEManager iplogging.cgi <a href=\"https:\/\/www.talosintelligence.com\/reports\/TALOS-2018-0746\">command injection vulnerability<\/a> using its web interface<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-B5xI0f1CBlk\/XkFnUjp79UI\/AAAAAAAAE28\/Y_NkudMjs2MMf41xxzS_VJN0QtlS0x52ACLcBGAsYHQ\/s1600\/Re2Pcap-1.gif\" alt=\"\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Video walkthrough of PCAP creation for Sierra Wireless AirLink ES450 
ACEManager iplogging.cgi <a href=\"https:\/\/www.talosintelligence.com\/reports\/TALOS-2018-0746\">command injection vulnerability<\/a> using the Re2Pcap-cmd script<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-DRoBJpnknlY\/XkFnUQRclkI\/AAAAAAAAE20\/Nrn_FxoMY1sMSxS5n83y_qaWH626dXinQCLcBGAsYHQ\/s1600\/Re2Pcap-2.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Workflow<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-Pf7urt9ZdCg\/XkFnUfozG9I\/AAAAAAAAE24\/TEJlCt3WV04J32sUYtP60ydD22MiE-CYwCLcBGAsYHQ\/s1600\/Re2Pcap-3.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>As shown in the image above, it is an Alpine Linux based Python3 application with a Flask based web interface.<\/p>\n\n\n\n<p>It parses the input data as a raw HTTP request or response and actually performs the client\/server interaction while capturing packets. After the interaction, it presents the captured packets as a PCAP file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap#recommendations\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Recommendations<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Please use Linux as your host operating system as it is well tested on Linux<\/li><li>If creating a PCAP for <code><strong>Host: somedomain:5000<\/strong><\/code> i.e. 
port 5000, please change the Flask application to run on another port by modifying the <code><strong>app.run<\/strong><\/code> call in Re2Pcap.py; otherwise the PCAP will contain the Flask application&#8217;s response<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap#limitations\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Limitations<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> If the raw HTTP request has no <code><strong>Accept-Encoding:<\/strong><\/code> header, <code><strong>Accept-Encoding: identity<\/strong><\/code> is added to the request <ul><li>There is a known <a href=\"https:\/\/github.com\/psf\/requests\/issues\/2234\">issue<\/a> for it in Python requests. The following is the closing note for that issue: &#8220;That&#8217;s really fairly terrible. Accept-Encoding: identity is always valid, the RFCs say so. It should be utterly harmless to send it along. Otherwise, removing this requires us to replace httplib. That&#8217;s a substantial bit of work. =(&#8221; <\/li><\/ul><\/li><li> The following are the source and destination IPs in PCAPs generated by it <ul><li>Source IP: 10.10.10.1<\/li><li>Destination IP: 172.17.0.2 (or the Re2Pcap container&#8217;s IP address). Please use the <code><strong>tcprewrite -D<\/strong><\/code> option to modify the destination IP to something else as per your need. You may also use <code><strong>tcpprep<\/strong><\/code> and <code><strong>tcprewrite<\/strong><\/code> to set other IPs as endpoints. Due to inconsistent results from <code><strong>tcprewrite<\/strong><\/code>, I used an alternative way to set different SRC\/DST IPs <\/li><\/ul><\/li><li> Specifying <code><strong>HTTP\/1.1 302 FOUND<\/strong><\/code> as the response will generate a PCAP with the maximum possible retries to reach the resource specified in the <code><strong>Location:<\/strong><\/code> header. 
Please export the first HTTP stream using Wireshark when testing if you do not like the additional noise of other streams <\/li><\/ul>\n\n\n\n<div class=\"wp-block-button aligncenter is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/Cisco-Talos\/Re2Pcap\"><strong>Download<\/strong><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Re2Pcap is an abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP files with it and test them against Snort rules. [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16097,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png","fifu_image_alt":"Re2Pcap : Create PCAP file From Raw HTTP Request Or Response In Seconds","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[],"class_list":["post-8985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Re2Pcap : Create PCAP file From Raw HTTP Request<\/title>\n<meta name=\"description\" content=\"Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. 
Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Re2Pcap : Create PCAP file From Raw HTTP Request\" \/>\n<meta property=\"og:description\" content=\"Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-11T15:50:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Re2Pcap : Create PCAP file From Raw HTTP Request Or Response In Seconds\",\"datePublished\":\"2020-02-11T15:50:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\"},\"wordCount\":619,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\",\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\",\"name\":\"Re2Pcap : Create PCAP file From Raw HTTP Request\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\",\"datePublished\":\"2020-02-11T15:50:11+00:00\",\"description\":\"Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. 
Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/re2pcap\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/re2pcap\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-INOCdn9djSA\/XkFnOv2GYqI\/AAAAAAAAE2w\/SKwV0GNmTvwSaJcF0cC6Pk7BkO9Oy1_3gCLcBGAsYHQ\/s1600\/Re2pcap%25281%2529.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=8985"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8985\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16097"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=8985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=8985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=8985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}