Wireshark mailing list archives
Re: Saving without payload
From: Martin Visser <martinvisser99 () gmail com>
Date: Mon, 30 Nov 2009 13:17:17 +1100
I guess the question anyone will ask is "What is the definition of payload?". One man's header is another man's data.

If you want to properly obfuscate your capture data you would want to jitter your timestamps (so people don't know when you are sending), change your IP address (as you already indicated), translate or zero your TCP and UDP ports (so baddies don't know what protocol you're sending), and zero or at least transmogrify segment/datagram contents. But of course then you possibly have little use of what you had captured.

Regards, Martin
MartinVisser99 () gmail com

On Fri, Nov 27, 2009 at 11:22 PM, WATT DAVE <Dave.Watt () alcatel-lucent com> wrote:
We have a high priority requirement to save the capture, stripping out ALL payload bytes. This is for UK legal compliance when analysing traffic subject to data protection.

I can easily just capture the first 68 bytes of each packet, but that will sometimes include the first part of the payload. Ideally, we want to capture everything and then save only the headers. We would also like to be able to ‘anonymise’ the IP addresses during the save.

Can Wireshark do any of this? It would seem to be a useful feature required in many countries where such data protection is in place. Without doing this we cannot mail the capture file to R&D for investigation, in fact we cannot even save the capture to a local disk.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
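The header-only save with consistent IP pseudonyms that the quoted message asks for, as an added example (not code from Wireshark or from either poster). It assumes a little-endian classic pcap file with Ethernet/IPv4 frames and treats everything after the TCP/UDP header as payload; timestamps and ports are left untouched, and the function names and sample capture are constructed for illustration.

```python
import hashlib, hmac, struct

def anon_ip(addr: bytes, key: bytes) -> bytes:
    # Keyed pseudonym: one real address always maps to the same fake one.
    return hmac.new(key, addr, hashlib.sha256).digest()[:4]

def header_len(pkt: bytes) -> int:
    # Assumed boundary: payload = everything after the TCP/UDP header.
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return min(len(pkt), 14)              # not IPv4: keep Ethernet only
    ihl = (pkt[14] & 0x0F) * 4
    if ihl < 20:
        return 14                             # malformed IPv4 header
    l4 = 14 + ihl
    if struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF:
        return min(len(pkt), l4)              # later fragment: no L4 header
    if pkt[23] == 6 and len(pkt) >= l4 + 13:  # TCP: data offset, high nibble
        return min(len(pkt), l4 + (pkt[l4 + 12] >> 4) * 4)
    if pkt[23] == 17:                         # UDP: fixed 8-byte header
        return min(len(pkt), l4 + 8)
    return min(len(pkt), l4)

def strip_pcap(data: bytes, key: bytes) -> bytes:
    magic, linktype = struct.unpack_from("<I", data)[0], struct.unpack_from("<I", data, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects little-endian classic pcap with Ethernet frames")
    out, off = [data[:24]], 24
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        pkt = bytearray(data[off + 16:off + 16 + caplen])
        off += 16 + caplen
        keep = header_len(pkt)
        if keep >= 34:                        # IPv4 header kept: rewrite src/dst
            pkt[26:30] = anon_ip(bytes(pkt[26:30]), key)
            pkt[30:34] = anon_ip(bytes(pkt[30:34]), key)
        # caplen shrinks, origlen keeps the on-wire size; checksums go stale.
        out.append(struct.pack("<IIII", sec, usec, keep, origlen) + bytes(pkt[:keep]))
    return b"".join(out)

def sample_pcap() -> bytes:
    # Constructed input: one TCP segment from 192.0.2.10 to 198.51.100.7.
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 46, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 1024, 0, 0)
    pkt = eth + ip + tcp + b"SECRET"
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 1, 0, len(pkt), len(pkt)) + pkt
```

The HMAC key has to stay with whoever produced the capture: anyone holding it can test candidate addresses against the pseudonyms.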