tcpdump mailing list archives
Re: pcap anonymizer
From: Seth Hall <seth () icir org>
Date: Mon, 2 May 2011 11:05:42 -0400
On Apr 30, 2011, at 12:10 PM, Aaron Turner wrote:
Honestly, I'm not aware of any tool which covers every possibility so
I hate to even mention this, but Bro-IDS' current release (1.5.x) can do this because as you mentioned, information is leaked through many application protocols and you can program Bro to change application protocol fields fairly arbitrarily however you want it to while still updating all relevant checksums. I hate to mention it because we're actually removing the code from the next major release due to it's slow decay from lack of use. We'd actually really like to hear from anyone interested in this capability to possibly guide future developments. Thanks, .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- pcap anonymizer Michael Richardson (Apr 28)
- Re: pcap anonymizer Guy Harris (Apr 29)
- Re: pcap anonymizer Andrej van der Zee (Apr 29)
- Re: pcap anonymizer Aaron Turner (Apr 30)
- Re: pcap anonymizer Seth Hall (May 02)
- Re: pcap anonymizer Michael Richardson (May 04)
- Re: pcap anonymizer Wesley Shields (May 04)
- Re: pcap anonymizer Andrej van der Zee (Apr 29)
- Re: pcap anonymizer Guy Harris (Apr 29)
- Re: pcap anonymizer Sake Blok (Apr 29)
- Re: pcap anonymizer Stephen Donnelly (May 02)