nanog mailing list archives
Re: PCAP Sanitization Tool
From: kowsik <kowsik () gmail com>
Date: Wed, 16 Jun 2010 13:31:48 -0700
Log sanitation is a whole lot easier than packets. AFAIK, sanitizing pcaps is an intractable problem because of various kinds of encodings that exist within packets. Examples:

- FTP IPv4 addresses are comma separated
- DNS does label encoding of domain names (especially with pointers)
- Forwarded emails contain deeply-buried domain names and IP addresses within gzipped, base-64 encoded MIME attachments.

So, I don't think you are going to get what you are asking for. That said, there are tools that can strip out the payload and reassign IP addresses and port numbers.

K.
---
http://www.pcapr.net
http://twitter.com/pcapr
http://labs.mudynamics.com

On Wed, Jun 16, 2010 at 10:18 AM, Michael Collins <mcollins () aleae com> wrote:
> FLAIM: flaim.ncsa.illinois.edu
>
> On Jun 16, 2010, at 12:58 PM, Bein, Matthew wrote:
>
>> Hello,
>>
>> Anyone know of a good tool for sanitizing PCAP files? I would like to keep as much of the payload as possible but remove src and dst ip information.
>
> Mike Collins
> mcollins () aleae com
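The first two encodings named in the message above (FTP comma-separated addresses and DNS label encoding with pointers), shown as an added example that is not part of the original thread or any tool mentioned in it. The function names, the documentation-range addresses and the `corp.example` name are assumptions, and both sample payloads are constructed.

```python
import re
import socket

def naive_scrub(payload, ip, new_ip):
    """Hypothetical sanitizer: rewrites only raw 4-byte and dotted-ASCII forms."""
    payload = payload.replace(socket.inet_aton(ip), socket.inet_aton(new_ip))
    return payload.replace(ip.encode(), new_ip.encode())

def find_ip_encodings(payload, ip):
    """Audit helper: list the encodings of `ip` still present in a payload."""
    hits = []
    if socket.inet_aton(ip) in payload:
        hits.append("raw-4-bytes")
    if ip.encode() in payload:
        hits.append("dotted-ascii")
    # FTP PORT/PASV arguments (RFC 959) are written h1,h2,h3,h4,p1,p2
    ftp = re.escape(ip.replace(".", ",").encode()) + rb",\d{1,3},\d{1,3}"
    if re.search(ftp, payload):
        hits.append("ftp-comma")
    return hits

def read_dns_name(msg, off):
    """Decode the DNS name at `off`, following RFC 1035 compression pointers."""
    labels, hops = [], 0
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            # Pointer: the low 14 bits are an offset from the message start.
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels)

# Constructed samples: an FTP PORT command, and a DNS fragment with a 12-byte
# zeroed header, the name corp.example at offset 12, a 4-byte type/class, and
# at offset 30 the label "mail" followed by a pointer back to offset 12.
FTP_CMD = b"PORT 192,0,2,10,19,137\r\n"
DNS_MSG = bytes(12) + b"\x04corp\x07example\x00" + b"\x00\x01\x00\x01" + b"\x04mail\xc0\x0c"

if __name__ == "__main__":
    scrubbed = naive_scrub(FTP_CMD, "192.0.2.10", "198.51.100.7")
    print(find_ip_encodings(scrubbed, "192.0.2.10"))
    print(b"corp.example" in DNS_MSG, read_dns_name(DNS_MSG, 30))
```

Neither `corp.example` nor `mail.corp.example` appears as a contiguous string in the DNS fragment, so a search-and-replace over the bytes misses it just as it misses the FTP address.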