tcpdump mailing list archives

Re: Anonymizing tcpdump


From: Guy Harris <guy () alum mit edu>
Date: Wed, 21 Mar 2007 16:25:21 -0700


On Mar 21, 2007, at 2:26 PM, Greg Hellings wrote:

> While stumbling through the tcpdump code it looks to me like tcpdump
> uses its own methods (in the print-*.c files) for displaying output to
> the screen,

Yes. That is as intended. libpcap is a library for capturing and sending traffic, and reading files of captured traffic, not a library for analyzing the captured traffic or constructing packets to send; many programs (tcpdump, Wireshark, snort, etc., etc., etc.) use it to capture traffic or to process captured traffic, and not all of them use tcpdump's code to analyze the packet contents.

Capturing raw traffic, and analyzing the traffic, are separate functions.

> and the standard libpcap dump methods for output to files.
> Thus, it would seem that development of anonymizing methods would be
> best placed within libpcap and also made accessible to clients as well
> as used in the dumping process as options.

Only if all apps using libpcap would also use the anonymizing code. Otherwise, it might be best done as a library of its own.
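As an added illustration of the "library of its own" approach (this is example code, not tcpdump or libpcap code): a stand-alone anonymizer that works on the pcap file format directly, so it can be applied to output from tcpdump, Wireshark, snort or any other libpcap writer without touching the capture library. It rewrites the IPv4 source and destination of every Ethernet/IPv4 record with a keyed HMAC pseudonym in 10.0.0.0/8 (the mapping scheme, the key and the two-frame sample capture are all constructed for the example), recomputes the IPv4 header checksum, and passes non-IPv4 or truncated frames through unchanged. Addresses carried inside payloads (ARP bodies, ICMP-quoted headers, application data) are deliberately left alone, which is the usual caveat with header-only anonymizers.

```python
"""Stand-alone pcap IPv4 address pseudonymizer (added example; not tcpdump/libpcap code)."""
import hashlib
import hmac
import struct

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # classic pcap written on a little-endian host
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def pseudonymize_ipv4(addr: bytes, key: bytes) -> bytes:
    """Map a 4-byte address to a stable, non-routable 10.x.y.z pseudonym (assumed scheme)."""
    digest = hmac.new(key, addr, hashlib.sha256).digest()
    return b"\x0a" + digest[:3]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum; returns 0 when run over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def anonymize_frame(frame: bytes, key: bytes) -> bytes:
    """Rewrite src/dst of one Ethernet/IPv4 frame; other or truncated frames pass through."""
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return frame
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return frame                      # header cut short by the snaplen: leave as-is
    ip = bytearray(frame[14:14 + ihl])
    ip[12:16] = pseudonymize_ipv4(bytes(ip[12:16]), key)
    ip[16:20] = pseudonymize_ipv4(bytes(ip[16:20]), key)
    ip[10:12] = b"\x00\x00"               # zero the checksum field before recomputing it
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return frame[:14] + bytes(ip) + frame[14 + ihl:]


def iter_records(data: bytes):
    """Yield (record_header, frame) for each packet record of a classic pcap byte stream."""
    if data[:4] == PCAP_MAGIC_LE:
        endian = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap stream")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("example only handles LINKTYPE_ETHERNET")
    pos = 24
    while pos + 16 <= len(data):
        rec_hdr = data[pos:pos + 16]
        incl_len = struct.unpack(endian + "I", rec_hdr[8:12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record")
        yield rec_hdr, frame
        pos += 16 + incl_len


def anonymize_pcap(data: bytes, key: bytes) -> bytes:
    """Return a new pcap stream with every IPv4 endpoint pseudonymized; headers kept verbatim."""
    out = bytearray(data[:24])
    for rec_hdr, frame in iter_records(data):
        out += rec_hdr + anonymize_frame(frame, key)
    return bytes(out)


def endpoints(data: bytes):
    """List (src, dst) dotted quads per record, for inspecting before/after."""
    result = []
    for _, frame in iter_records(data):
        ip = frame[14:34]
        result.append((".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))))
    return result


def build_sample_pcap() -> bytes:
    """Constructed two-frame UDP exchange 192.0.2.1 <-> 198.51.100.7 (documentation addresses)."""
    def frame(src, dst, payload):
        udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
        ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, src, dst))
        struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
        eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
        return eth + bytes(ip) + udp
    a, b = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    frames = [frame(a, b, b"q1"), frame(b, a, b"r1")]
    out = bytearray(PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1174519521, i, len(f), len(f)) + f
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_pcap()
    print("before:", endpoints(sample))
    print("after: ", endpoints(anonymize_pcap(sample, b"constructed-demo-key")))
```

Because the pseudonym is a keyed function of the address, the same real host maps to the same fake host throughout a capture (so flows and conversations stay analysable), while anyone without the key cannot invert the mapping; rotating the key per shared dataset prevents cross-dataset linkage.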


