# The pcap file formatted by "Linux cooked" # tcpdump -r myfile.pcap -nn reading from file event1.pcap, link-type LINUX_SLL (Linux cooked) ... ... # step1. read myfile.pcap pkts = rdpcap("myfile.pcap"); # step2. read myfile.pcap pkts = [Ether(src='00:11:22:33:44:55', dst='22:33:44:55:66:77')/pkt[1:] for pkt in pkts] # step3. modify IP address and recalculate chksum for pkt in pkts: pkt[1].dst='192.168.1.10'; pkt[1].src='192.168.1.1'; del pkt[IP].chksum del pkt[UDP].chksum # step4. packet send sendp(pkts[0]); # step5. save pcap wrpcap("output.pcap",pkts); # tcpdump -r output.pcap -nn reading from file output.pcap, link-type EN10MB (Ethernet) ... ... # pkt[1:] : It means IP layer 1) Before: Linux cooked / IP / UDP / UDP-Data 2) After: Ethernet / IP / UDP / UDP-Data