Wireshark mailing list archives

Re: Anonymising PCAP files with Wireshark?

From: Chris Maynard <Chris.Maynard () gtech com>
Date: Wed, 25 Jan 2012 15:11:17 +0000 (UTC)

Grégoire, André <Andre.Gregoire@...> writes:

What is the best way to anonymize pcap files? Mainly substitute a real IP

address and mac address for a fake one.

 
There seems to be a lot of scripts out there that change one or the other but

I am looking if something is generally accepted as best practice or tried tested
and true by this community. 

I don't know of "the best way" nor do I know which might be considered "best
practice", but here are a couple of links to some tools and information that
might help you decide what to use:

http://sharkfest.wireshark.org/sharkfest.11/presentations/A-11_Bongertz-Trace_File_Anonymization.pdf

http://ask.wireshark.org/questions/844/utility-to-anonymize-capture-files

http://comments.gmane.org/gmane.network.tcpdump.devel/5106

http://wiki.wireshark.org/Tools

- Chris


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Anonymising PCAP files with Wireshark? Grégoire , André (Jan 25)
- Re: Anonymising PCAP files with Wireshark? Chris Maynard (Jan 25)
- Re: Anonymising PCAP files with Wireshark? Kevin Cullimore (Jan 25)