rewritecap

rewritecap

A tool for rebasing a PCAP file, editing layer2 and layer3 addresses, and updating ARP packets. PCAP-ng files are not currently supported. This tool will accommodate 802.1Q tagged frames and Q-in-Q double tagged frames. The timestamp changes allow you to rebase the PCAP file to a new date without changing the actual time of day or the inter-frame gaps. You can also timeshift all of the packets by a value in +/-00h00m00s format. Multiple timeshifts can be specified at the same time by separating them with a comma, thus --time-shift=2h,-3m

I wrote this using Go (golang) v1.8.3

For command line flags run, ./rewritecap --help

Binary Releases

I have produced binaries for Mac OSX 10.10.5 and Ubuntu Linux 14.04 64bit (but should work on any 64bit Linux), please look in the releases section for the zip files

Installation From Source##

go/src/> go get github.com/jordan2175/rewritecap
go/src/> go install github.com/jordan2175/rewritecap/
go/src/> cd github.com/jordan2175/rewritecap
go/src/github.com/jordan2175/rewritecap/> go build rewritecap.go

Usage

See GoDoc for documentation and examples.

Examples

./rewritecap --help
./rewritecap -f test.pcap -n test2.pacp -y 2016 -m 3 -d 10
./rewritecap -f test.pcap -n test2.pcap --ip4 10.0.2.32 --ip4-new 2.2.2.2 --mac 68:A8:6D:18:36:92 --mac-new 22:33:44:55:66:77
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h1m3s
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h,-1m

Contributing

Contributions welcome! Please fork the repository and open a pull request with your changes or send me a diff patch file.

License

This is free software, licensed under the Apache License, Version 2.0.