tcpdump mailing list archives
Anonymizing tcpdump
From: "Greg Hellings" <greg.hellings () gmail com>
Date: Wed, 21 Mar 2007 16:26:06 -0500
Greetings,

I'm a graduate student at the University of Texas at Dallas and I'm working with some professors here at the University as well as some other researchers from other institutions. We are looking at ways to modify tcpdump so that it will anonymize the data that it collects in different ways, which will, of course, be user-configurable. In the spirit of things Open Source I wanted to let you know about my efforts and possibly coordinate them with the tcpdump community.

Our working name is, right now, scrub-tcpdump, though that may flex as time comes and goes. Our hope is that we could anonymize both the display and the storage of the data so that it can then be shared by individuals or organizations which want to outsource their data without risking having it mined for information about their network's structure.

While stumbling through the tcpdump code it looks to me like tcpdump uses its own methods (in the print-*.c files) for displaying output to the screen, and the standard libpcap dump methods for output to files. Thus, it would seem that development of anonymizing methods would be best placed within libpcap and also made accessible to clients as well as used in the dumping process as options.

If this seems to fit with the current libpcap/tcpdump model, please let me know. Also, guide me back on track if it seems off-base.

Thanks!
--Greg Hellings

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Anonymizing tcpdump Greg Hellings (Mar 21)
- Re: Anonymizing tcpdump Guy Harris (Mar 21)
- Re: Anonymizing tcpdump Aaron Turner (Mar 21)
- Re: Anonymizing tcpdump Guy Harris (Mar 21)