This script will help you interactively search within and edit a pcap file. Check following sample output from included command files for more details.
$ python pcapedit.py <cmds.search.txt
PcapEdit - An Interactive Pcap Editor
Nothing to search! Use 'analyze' first.
Read 43 packets from http.cap
search for tcp packets
Found 41 matches for search query '6 in ip.proto': 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43
search for udp packets
Found 2 matches for search query '17 in ip.proto': 13, 17
search for raw string
Found 5 matches for search query '(?i)Google in pay.load': 8, 10, 18, 26, 36
search for raw string
Incorrect searchvalue 'test' for protofield 'dns.ns', expected <type 'int'>
search for raw string
Found 19 matches for search query '.* in pay.load': 4, 6, 8, 10, 11, 14, 16, 18, 20, 21, 23, 26, 27, 29, 31, 32, 34, 36, 38
search within ether packets
Found 20 matches for search query '00:00:01:00:00:00 in ether.src': 1, 3, 4, 7, 9, 12, 13, 15, 18, 19, 22, 25, 28, 30, 33, 35, 37, 39, 41, 42
$
$ python pcapedit.py <cmds.searchreplace.txt
PcapEdit - An Interactive Pcap Editor
Read 43 packets from http.cap
Replacing IP.src to '1.1.1.1' where IP.src is '145.254.160.237'
0: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
2: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
3: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
6: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
8: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
11: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
12: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
14: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
17: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
18: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
21: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
24: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
27: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
29: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
32: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
34: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
36: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
38: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
40: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
41: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
Replacing IP.dst to '1.1.1.1' where IP.dst is '145.254.160.237'
1: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
4: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
5: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
7: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
9: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
10: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
13: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
15: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
16: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
19: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
20: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
22: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
23: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
25: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
26: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
28: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
30: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
31: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
33: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
35: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
37: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
39: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
42: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
Replacing IP.src to '2.2.2.2' where IP.src is '65.208.228.223'
1: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
4: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
5: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
7: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
9: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
10: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
13: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
15: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
19: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
20: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
22: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
28: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
30: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
31: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
33: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
37: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
39: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
42: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
Replacing IP.dst to '2.2.2.2' where IP.dst is '65.208.228.223'
0: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
2: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
3: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
6: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
8: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
11: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
14: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
18: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
21: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
24: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
29: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
32: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
34: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
38: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
40: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
41: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
0: 2004/05/13 03:17:07 1.1.1.1:3372 -> 2.2.2.2:80 TCP S
1: 2004/05/13 03:17:08 2.2.2.2:80 -> 1.1.1.1:3372 TCP SA
2: 2004/05/13 03:17:08 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
3: 2004/05/13 03:17:08 1.1.1.1:3372 -> 2.2.2.2:80 TCP PA (479 bytes)
4: 2004/05/13 03:17:08 2.2.2.2:80 -> 1.1.1.1:3372 TCP A
5: 2004/05/13 03:17:08 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
6: 2004/05/13 03:17:09 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
7: 2004/05/13 03:17:09 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
8: 2004/05/13 03:17:09 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
9: 2004/05/13 03:17:09 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
10: 2004/05/13 03:17:09 2.2.2.2:80 -> 1.1.1.1:3372 TCP PA (1380 bytes)
11: 2004/05/13 03:17:09 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
12: 2004/05/13 03:17:09 1.1.1.1:3009 -> 145.253.2.203:53 UDP (47 bytes)
13: 2004/05/13 03:17:09 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
14: 2004/05/13 03:17:10 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
15: 2004/05/13 03:17:10 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
16: 2004/05/13 03:17:10 145.253.2.203:53 -> 1.1.1.1:3009 UDP (146 bytes)
17: 2004/05/13 03:17:10 1.1.1.1:3371 -> 216.239.59.99:80 TCP PA (721 bytes)
18: 2004/05/13 03:17:10 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
19: 2004/05/13 03:17:10 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
20: 2004/05/13 03:17:10 2.2.2.2:80 -> 1.1.1.1:3372 TCP PA (1380 bytes)
21: 2004/05/13 03:17:10 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
22: 2004/05/13 03:17:10 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
23: 2004/05/13 03:17:10 216.239.59.99:80 -> 1.1.1.1:3371 TCP A
24: 2004/05/13 03:17:11 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
25: 2004/05/13 03:17:11 216.239.59.99:80 -> 1.1.1.1:3371 TCP PA (1430 bytes)
26: 2004/05/13 03:17:11 216.239.59.99:80 -> 1.1.1.1:3371 TCP PA (160 bytes)
27: 2004/05/13 03:17:11 1.1.1.1:3371 -> 216.239.59.99:80 TCP A
28: 2004/05/13 03:17:11 2.2.2.2:80 -> 1.1.1.1:3372 TCP PA (1380 bytes)
29: 2004/05/13 03:17:11 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
30: 2004/05/13 03:17:11 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
31: 2004/05/13 03:17:11 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
32: 2004/05/13 03:17:11 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
33: 2004/05/13 03:17:11 2.2.2.2:80 -> 1.1.1.1:3372 TCP A (1380 bytes)
34: 2004/05/13 03:17:11 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
35: 2004/05/13 03:17:12 216.239.59.99:80 -> 1.1.1.1:3371 TCP PA (1430 bytes)
36: 2004/05/13 03:17:12 1.1.1.1:3371 -> 216.239.59.99:80 TCP A
37: 2004/05/13 03:17:12 2.2.2.2:80 -> 1.1.1.1:3372 TCP PA (424 bytes)
38: 2004/05/13 03:17:12 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
39: 2004/05/13 03:17:25 2.2.2.2:80 -> 1.1.1.1:3372 TCP FA
40: 2004/05/13 03:17:25 1.1.1.1:3372 -> 2.2.2.2:80 TCP A
41: 2004/05/13 03:17:37 1.1.1.1:3372 -> 2.2.2.2:80 TCP FA
42: 2004/05/13 03:17:37 2.2.2.2:80 -> 1.1.1.1:3372 TCP A
Wrote 43 packet(s) to http.mod.cap
$