tcpdump mailing list archives
Re: Anonymizing tcpdump
From: Guy Harris <guy () alum mit edu>
Date: Wed, 21 Mar 2007 16:25:21 -0700
On Mar 21, 2007, at 2:26 PM, Greg Hellings wrote:
> While stumbling through the tcpdump code it looks to me like tcpdump uses its own methods (in the print-*.c files) for displaying output to the screen,
Yes. That is as intended. libpcap is a library for capturing and sending traffic, and reading files of captured traffic, not a library for analyzing the captured traffic or constructing packets to send; many programs (tcpdump, Wireshark, snort, etc., etc., etc.) use it to capture traffic or to process captured traffic, and not all of them use tcpdump's code to analyze the packet contents.
Capturing raw traffic, and analyzing the traffic, are separate functions.
> and the standard libpcap dump methods for output to files. Thus, it would seem that development of anonymizing methods would be best placed within libpcap and also made accessible to clients as well as used in the dumping process as options.
Only if all apps using libpcap would also use the anonymizing code. Otherwise, it might be best done as a library of its own.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.