nanog mailing list archives

Re: PCAP Sanitization Tool

From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Jun 2010 09:35:40 -0400

On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said:

Bein, Matthew wrote:

Anyone know of a good tool for sanitizing PCAP files? I would like to
keep as much of the payload as possible but remove src and dst ip
information.

Would address anonymization work? Instead of removing src/dst ip, you
can zero them.


No, if you simply zero the source and dest fields, you can't tell the difference
between packets going "A->B" and "B->A", which is usually something you kind
of want to keep track of.

Attachment: _bin
Description:

Current thread:

PCAP Sanitization Tool Bein, Matthew (Jun 16)
- Re: PCAP Sanitization Tool Michael Collins (Jun 16)
  - Re: PCAP Sanitization Tool kowsik (Jun 16)
- Re: PCAP Sanitization Tool Sebastian Castro (Jun 16)
  - Re: PCAP Sanitization Tool Valdis . Kletnieks (Jun 17)
- Re: PCAP Sanitization Tool Steven Bellovin (Jun 16)
  - Re: PCAP Sanitization Tool Valdis . Kletnieks (Jun 17)
    - Re: PCAP Sanitization Tool Steven Bellovin (Jun 17)
- Re: PCAP Sanitization Tool travis abrams (Jun 16)
- Re: PCAP Sanitization Tool jul (Jun 19)
- RE: PCAP Sanitization Tool Delgado,Rodolfo (Jun 21)