A tool for rebasing a PCAP file, editing layer2 and layer3 addresses, and updating ARP packets. PCAP-ng files are not currently supported. This tool will accommodate 802.1Q tagged frames and Q-in-Q double tagged frames. The timestamp changes allow you to rebase the PCAP file to a new date without changing the actual time of day or the inter-frame gaps. You can also timeshift all of the packets by a value in +/-00h00m00s format. Multiple timeshifts can be specified at the same time by separating them with a comma, thus --time-shift=2h,-3m
I wrote this using Go (golang) v1.8.3
For command line flags run, ./rewritecap --help
I have produced binaries for Mac OSX 10.10.5 and Ubuntu Linux 14.04 64bit (but should work on any 64bit Linux), please look in the releases section for the zip files
go/src/> go get github.com/jordan2175/rewritecap
go/src/> go install github.com/jordan2175/rewritecap/
go/src/> cd github.com/jordan2175/rewritecap
go/src/github.com/jordan2175/rewritecap/> go build rewritecap.go
See GoDoc for documentation and examples.
./rewritecap --help
./rewritecap -f test.pcap -n test2.pacp -y 2016 -m 3 -d 10
./rewritecap -f test.pcap -n test2.pcap --ip4 --ip4-new --mac 68:A8:6D:18:36:92 --mac-new 22:33:44:55:66:77
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h1m3s
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h,-1m
Contributions welcome! Please fork the repository and open a pull request with your changes or send me a diff patch file.
This is free software, licensed under the Apache License, Version 2.0.