Sounds pretty similar to tcprewrite, isn't it? http://tcpreplay.synfin.net/wiki/tcprewrite
On Fri, Oct 30, 2015 at 1:14 AM, Bret Jordan <jordan2...@gmail.com> wrote: > Dev list, > > I wrote a command line tool that you might want to include in the > Wireshark bundle of command line tools. > > rewritecap is a tool for rebasing a PCAP file, editing layer2 and layer3 > addresses, and updating ARP packets. PCAP-ng files are not currently > supported. This tool will accommodate 802.1Q tagged frames and > Q-in-Q double tagged frames. > > The timestamp changes allow you to rebase the PCAP file to a new date > without changing the actual time of day or the inter-frame gaps. You can > also timeshift all of the packets by a value in +/-00h00m00s format. > Multiple timeshifts can be specified at the same time by separating > them with a comma, thus --time-shift=2h,-3m > > ./rewritecap --help > ./rewritecap -f test.pcap -n test2.pacp -y 2016 -m 3 -d 10 > ./rewritecap -f test.pcap -n test2.pcap --ip4 10.0.2.32 --ip4-new 2.2.2.2 > --mac 68:A8:6D:18:36:92 --mac-new 22:33:44:55:66:77 > ./rewritecap -f test.pcap -n test2.pcap --time-shift=2h1m3s > ./rewritecap -f test.pcap -n test2.pcap --time-shift=2h,-1m > > rebasecap is Apache 2.0 licensed and will compile to a static binary for > Linux and Mac OS X. It should also compile to a static binary for Windows > but have not tested that. > > It is written in Go 1.5. Code, install, and compile instructions can be > found here: > > https://github.com/jordan2175/rewritecap > > > > Thanks, > Bret > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that > can not be unscrambled is an egg." > > > > > > > > > > > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
