Does anyone know of a tool that will take a PCAP file as input and output the same file with modified timestamps?
For example, say I have a PCAP file whose time range is March 1st, 2009 1:00pm to 2:00pm and I want to change the times so the file contains the time range March 31st, 2009 1:00pm to 2:00pm.
I'm not aware of a tool that does it but the PCAP format is well documented and libraries are available to process the files for you.
This page shows the formats and links to libpcap. It shouldn't be too hard to write a program to transform all the packet headers to start at a new date. Just work out the tv_sec you want and adjust all the packet tv_sec values based on the difference between your desired start value and the first packet's actual value.
I suspect you wouldn't need to adjust the tv_usec values.
:-) Or you could just use editcap, like sigjuice suggests. But I'll leave this answer here for reference anyway, even though you should accept the other one.