Is it possible to replace a PCAP's timestamps with the timestamps in an ERSPAN header?

edit

We care far more about when a packet transited the ERSPAN source device than when it arrived at the packet capture endpoint.

And somebody debugging issues with the ERSPAN mechanism might care about the time stamps when the ERSPAN packet is transmitted or received.

What might be useful 1) a mechanism in Wireshark by which a packet can change the displayed time stamps in the time stamp column and the frame part of the packet details and 2) per-protocol preferences to control whether a dissector should override the capture file timestamp or not.

(And what might be useful in libpcap is a way to receive the GRE packets from a machine using ERSPAN and de-encapulate them, so you just directly to an ERSPAN capture in tcpdump or Wireshark or....)

Looks like you could do it with a lua script.
WSDG 12.11.5.5. frameinfo.time:

12.11.5.5. frameinfo.time
Mode: Retrieve or assign.
The packet timestamp as an NSTime object.
Note: Set the FileHandler.time_precision to the appropriate wtap_file_tsprec value as well.

FileHandler and FrameInfo examples in Wiki/Lua/Examples A pcap FileShark script

Would take a pass to extract the timestamps and store to file or perhaps a lua table.
Then reopen the file in Frame mode and update the timestamps.

(sample capture erspan_type_III.cap attached to 13400: Improve CISCO ERSPAN Dissector)

Here is a script that reads a text file with list of packets to filter/keep:
using tshark with huge display filters
If the timestamps are stored in an ASCII file could read them in similar to reading packet list above.

(Timestamps more uniform in 5244: Add Dissector for ERSPAN Type-III Header pcap)