tcpdump mailing list archives

Re: pcap anonymizer

From: Seth Hall <seth () icir org>
Date: Mon, 2 May 2011 11:05:42 -0400


On Apr 30, 2011, at 12:10 PM, Aaron Turner wrote:

Honestly, I'm not aware of any tool which covers every possibility so


I hate to even mention this, but Bro-IDS' current release (1.5.x) can do this because as you mentioned, information is 
leaked through many application protocols and you can program Bro to change application protocol fields fairly 
arbitrarily however you want it to while still updating all relevant checksums.  I hate to mention it because we're 
actually removing the code from the next major release due to it's slow decay from lack of use.

We'd actually really like to hear from anyone interested in this capability to possibly guide future developments.

Thanks,
 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

pcap anonymizer Michael Richardson (Apr 28)
- Re: pcap anonymizer Guy Harris (Apr 29)
  - Re: pcap anonymizer Andrej van der Zee (Apr 29)
    - Re: pcap anonymizer Aaron Turner (Apr 30)
    - Re: pcap anonymizer Seth Hall (May 02)
    - Re: pcap anonymizer Michael Richardson (May 04)
    - Re: pcap anonymizer Wesley Shields (May 04)
  - Re: pcap anonymizer Sake Blok (Apr 29)
  - Re: pcap anonymizer Stephen Donnelly (May 02)
- Re: pcap anonymizer Glen Turner (Apr 29)