tcpdump mailing list archives

Re: pcap anonymizer

From: Wesley Shields <wxs () FreeBSD org>
Date: Wed, 4 May 2011 10:46:56 -0400

On Wed, May 04, 2011 at 09:44:55AM -0400, Michael Richardson wrote:

"Aaron" == Aaron Turner <synfinatic () gmail com> writes:

    Aaron> On Fri, Apr 29, 2011 at 12:20 AM, Andrej van der Zee
    Aaron> <andrejvanderzee () gmail com> wrote:
    >> With tcprewrite you can change ips too. Not sure if it updates
    >> checksums though...  Andrej

    Aaron> Yes, tcprewrite updates the relevant checksums for all edits.
    Aaron> It will also edit MAC addresses in case you care that someone
    Aaron> can figure out what vendor's hardware you're using.

    Aaron> One thing people need to think about when writing these kind
    Aaron> of tools is how many protocols expose host identities.  HTTP,
    Aaron> SMTP, FTP, almost every Microsoft protocol, etc.  Some are
    Aaron> *usually* just host names (HTTP Host Header for example),

So, I care mostly about IP addresses in the tests/ directory.
I'd like to make it easier for people to submit test cases.


Among the others mentioned, I believe bittwist can do that.

http://bittwist.sourceforge.net/

-- WXS
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

pcap anonymizer Michael Richardson (Apr 28)
- Re: pcap anonymizer Guy Harris (Apr 29)
  - Re: pcap anonymizer Andrej van der Zee (Apr 29)
    - Re: pcap anonymizer Aaron Turner (Apr 30)
    - Re: pcap anonymizer Seth Hall (May 02)
    - Re: pcap anonymizer Michael Richardson (May 04)
    - Re: pcap anonymizer Wesley Shields (May 04)
  - Re: pcap anonymizer Sake Blok (Apr 29)
  - Re: pcap anonymizer Stephen Donnelly (May 02)
- Re: pcap anonymizer Glen Turner (Apr 29)