[127194] in North American Network Operators' Group
Re: PCAP Sanitization Tool
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jun 17 16:53:16 2010
To: Sebastian Castro <sebastian@nzrs.net.nz>
In-Reply-To: Your message of "Thu, 17 Jun 2010 11:15:05 +1200."
<4C195AF9.9050304@nzrs.net.nz>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 17 Jun 2010 09:35:40 -0400
Cc: nanog@nanog.org
On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said:
> Bein, Matthew wrote:
> > Anyone know of a good tool for sanitizing PCAP files? I would like to
> > keep as much of the payload as possible but remove src and dst ip
> > information.
> Would address anonymization work? Instead of removing src/dst ip, you
> can zero them.
No, if you simply zero the source and dest fields, you can't tell the difference
between packets going "A->B" and "B->A", which is usually something you kind
of want to keep track of.
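The point made in the reply above, as an added example that is not part of the original thread: zeroing the addresses makes "A->B" and "B->A" packets indistinguishable, while a consistent keyed mapping hides the real addresses and keeps direction. The key, the helper names and the two-packet capture are constructed for illustration; only IPv4 in untagged Ethernet frames of a little-endian classic pcap is rewritten, and any other frame passes through unchanged.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # assumption: a secret kept out of the shared capture

def pseudonym(ip, key=KEY):
    """Stable keyed pseudonym in 10.0.0.0/8 (24 bits, so distinct hosts can collide)."""
    return b"\x0a" + hmac.new(key, ip, hashlib.sha256).digest()[:3]

def ip_checksum(header):
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_headers(pcap):
    """Yield (offset, header_len) for each IPv4 header found in the capture."""
    magic, linktype = struct.unpack_from("<I16xI", pcap)
    if (magic, linktype) != (0xA1B2C3D4, 1):
        raise ValueError("unsupported capture format")
    off = 24
    while off + 16 <= len(pcap):
        end = off + 16 + struct.unpack_from("<I", pcap, off + 8)[0]
        if end > len(pcap):
            break  # truncated final record
        ip = off + 30  # 16-byte record header + 14-byte Ethernet header
        if end - ip >= 20 and pcap[ip - 2:ip] == b"\x08\x00" and pcap[ip] >> 4 == 4:
            ihl = (pcap[ip] & 0x0F) * 4
            if 20 <= ihl <= end - ip:
                yield ip, ihl
        off = end

def sanitize(pcap, mapper):
    out = bytearray(pcap)
    for ip, ihl in ipv4_headers(out):
        for field in (ip + 12, ip + 16):  # source, then destination
            out[field:field + 4] = mapper(bytes(out[field:field + 4]))
        body = bytes(out[ip:ip + 10] + out[ip + 12:ip + ihl])  # header minus old checksum
        out[ip + 10:ip + 12] = struct.pack("!H", ip_checksum(body))
    return bytes(out)

def flows(pcap):
    return [(bytes(pcap[i + 12:i + 16]), bytes(pcap[i + 16:i + 20])) for i, _ in ipv4_headers(pcap)]

def sample_pcap():
    """Constructed capture: one packet A->B, one B->A (documentation addresses)."""
    a, b = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    def record(src, dst):
        frame = bytes(12) + b"\x08\x00" + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 253, 0, src, dst)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + record(a, b) + record(b, a)
```

TCP and UDP checksums cover the IP addresses through the pseudo-header and are not recomputed here, and addresses carried inside payloads are left as they are.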