Sometimes you need to change the timestamp of a previous recorded PCAP file. To do so follow the steps below:
1. Download and install wireshark
2. check the current timestamp of you pcap file – in my case this was the following:
3. Browse to the http://www.timeanddate.com/ site to calculate the time difference in seconds between the recorded & current time.
In this case this was the following:
4. Execute the editcap.exe program of Wireshark to create a new PCAP file containing a current timestamp:
c:\Program Files (x86)\Wireshark>editcap.exe -t 83585803 -F pcap Lab5.pcap x:\TEST3.pcap
5. Open the new PCAP file in wireshark to confirm the change in date & time
RootSecurity 