New and Improved Pcap Utility

It's been three years since I wrote the first pcap-util Perl script for splitting and searching pcap capture files, and now, largely thanks to Damien Mascord of we have an update. Prepare yourself to be amazed by the sequel: "Pcap Util 2, Attack of the Application Layer".
The original pcap-util allowed you to split large dump files into smaller chunks of x MB in size, or to extract packets which fell within a certain time period. A little while later I added the ability to filter the dump using the standard libpcap filtering language. This language can extract data using most of the structures/fields used in layers 2-4 of the IP stack.
The new version of pcap-util adds two new functions which can be used to search for arbitrary strings within the application data of the packet:
1. Modify: This function allows you to search for a regular expression within the capture file, and replace it with another string. This is really useful if a vendor has asked you for a tcpdump, to help diagnose a problem, but you need to ensure that you're not storing or sending any sensitive information within the data. Really useful if you need to adhere to PCI DSS guidelines. An example: Remove all Credit Card numbers from a capture file:
./pcap-util modify input.pcap output.pcap "\d{12}" "XXXXXXXXXXXXX"
2. Search: This function was added by me, and really just re-uses Damien's matching code, but without the replacement. Search will look for packets containing the data you are searching for and copy them into the output file.
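An added Python example (not pcap-util's own Perl code) of the kind of redaction the Modify function is used for: it masks card numbers in a classic pcap file with a same-length run of X, so record lengths stay valid, and uses a Luhn check to skip digit runs that are not card numbers. The function names and the constructed two-record sample are assumptions; the pattern is applied to each whole record, and checksums are not recomputed.

```python
import re
import struct

# Candidate card numbers: 13-19 contiguous ASCII digits, not part of a longer run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to skip digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(data: bytes) -> bytes:
    """Replace Luhn-valid matches with the same number of 'X' bytes."""
    return PAN_RE.sub(
        lambda m: b"X" * len(m.group()) if luhn_ok(m.group()) else m.group(), data)

def sanitize_pcap(raw: bytes) -> tuple:
    """Return (sanitized capture, number of packet records changed)."""
    if raw[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif raw[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    out, pos, changed = bytearray(raw[:24]), 24, 0   # 24-byte global header
    while pos + 16 <= len(raw):
        incl_len = struct.unpack(endian + "IIII", raw[pos:pos + 16])[2]
        pkt = raw[pos + 16:pos + 16 + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated packet record")
        clean = mask_pans(pkt)
        changed += clean != pkt
        out += raw[pos:pos + 16] + clean             # record header is unchanged
        pos += 16 + incl_len
    return bytes(out), changed

def build_sample() -> bytes:
    """Constructed capture: two payload-only records, link type 147 (USER0)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
    pkts = [b"POST /pay card=4111111111111111&cvv=000", b"order=1234567890123456"]
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)

if __name__ == "__main__":
    cleaned, n = sanitize_pcap(build_sample())
    print(n, "record(s) changed;", cleaned[40:].split(b"&")[0])
```

Because the replacement has the same length as the match, the output file is byte-for-byte the same size as the input and every record header still describes its packet correctly.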
pcap-util2 can be downloaded from here: