[127179] in North American Network Operators' Group
Re: PCAP Sanitization Tool
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Wed Jun 16 21:37:37 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <EFBFF5360F0AA044AC59D2198E5EE4AA02D5BBEC@EXCHANGEBE.iso-ne.com>
Date: Wed, 16 Jun 2010 18:37:01 -0700
To: "Bein, Matthew" <mbein@iso-ne.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 16, 2010, at 9:58 48AM, Bein, Matthew wrote:
> Hello,
>
> Anyone know of a good tool for sanitizing PCAP files? I would like to
> keep as much of the payload as possible but remove src and dst ip
> information.
>
What's your threat model? In general, proper anonymization of packet
trace data is very hard.
--Steve Bellovin, http://www.cs.columbia.edu/~smb