tcpdump mailing list archives

Anonymizing tcpdump


From: "Greg Hellings" <greg.hellings () gmail com>
Date: Wed, 21 Mar 2007 16:26:06 -0500

Greetings,

I'm a graduate student at the University of Texas at Dallas and I'm
working with some professors here at the University as well as some
other researchers from other institutions.  We are looking at ways to
modify tcpdump so that it will anonymize the data that it collects in
different ways, which will, of course, be user-configurable.  In the
spirit of things Open Source I wanted to let you know about my efforts
and possibly coordinate them with the tcpdump community.  Our working
name is, right now, scrub-tcpdump, though that may flex as time comes
and goes.

Our hope is that we could anonymize both the display and the storage
of the data so that it can then be shared by individuals or
organizations which want to outsource their data without risking
having it mined for information about their network's structure.

While stumbling through the tcpdump code it looks to me like tcpdump
uses its own methods (in the print-*.c files) for displaying output to
the screen, and the standard libpcap dump methods for output to files.
Thus, it would seem that development of anonymizing methods would be
best placed within libpcap and also made accessible to clients as well
as used in the dumping process as options.

If this seems to fit with the current libpcap/tcpdump model, please
let me know.  Also, guide me back on track if it seems off-base.
Thanks!

--Greg Hellings