capshift v0.3 Beta
Original by Foeh Mannay, January 2015
Current version by Niels Jakob Buch, February 2018

PURPOSE
=======

"capshift" is a tool which re-writes the timestamps of pcap files. This is useful when
you have two pcap files taken from different devices whose clocks are not synchronised
and you can't be bothered to repeatedly hand-correct the timestamps.

Or, you are analysing network traffic for different purposes, and needs test-data that 
are matching specific time or dates.

INSTALLATION
============
The library has on purpose been built to follow POSIX standards and should be cross-platform
compatible with no challenges.

For Linux / Mac / MinGW it should be possible to build from source using:

gcc -o capshift capshift.c

USAGE
=====

There are only three parameters and all are mandatory. You must specify your
input capture file (original pcap format) with the -r flag, your output capture file
with the -w flag and your time options with the -o, -t, -d or -t AND -d flag. Here's the four examples:

./capshift -r original.cap -w shifted.cap -o +14.5
./capshift -r original.cap -w shifted.cap -t 20:03
./capshift -r original.cap -w shifted.cap -d 21-12-2019
./capshift -r original.cap -w shifted.cap -t 23:30 -d 20-7-2017

The purpose of -t is to shift the time-stamps to another time, keeping the date.

The purpose of the -d is to shift the time-stamps to another date, but keeping the time-of-day.

The purpose of using both -t and -d is the give a totally fresh time-stamp.

Please note that all pcap records will be time-stamped relatively to the first record, based on the existing timestamps.

CHANGE LOG
==========

v0.1a	First working release.
v0.2a   Bugs for larger timeshifts, and larger files.
v0.3b   Adding absolute timeshifts
        Should be backward compatible with previous invocation parameters.
        Adding Mac OSX and Windows executables to ease quick-n-dirty users ;)