tcpdpriv should work; if I remember correctly, it operates on libpcap files,
which are the format that both tcpdump and [t]ethereal create.
([t]ethereal can save as other file formats, but by default the captures that
it makes are in libpcap format.)
--gilbert
faerber@xxxxxxxxxxxxxxxxxxxx (Johannes Faerber) on 09/07/2000 05:57:57 AM
To: ethereal-users@xxxxxxxx
cc: (bcc: Gilbert Ramirez/Tivoli Systems)
Subject: [ethereal-users] anonymize capture file?
Hi,
for privacy reasons I need to anonymize captured traffic data which
I take from a network measurement, i.e. map IP addresses to anonymous
addresses and if possible remove HTTP URL information.
I see two direct ways of doing this:
- I have seen tcpdpriv in the Internet Traffic Archive. Does it work
with ethereal capture files?
- If using output to stdout (to pipe into scripts to filter out the
critical fields), tethereal does not print long HTTP fields
completely (cuts after sth like 66 characters and adds "..."). Is
there a possibility to make it print the complete fields?
Of course it would be perfect to have tethereal write directly
anonymized packet data. Is that feasible? Or does it dump packets
to the savefile without looking into them?
Thanks for your help,
Johannes
--
Institute of Communication Networks and Computer Engineering (IND)
University of Stuttgart
Pfaffenwaldring 47 Tel: +49-711-685 7968
D-70569 Stuttgart Fax: +49-711-685 7983
Johannes Faerber faerber@xxxxxxxxxxxxxxxxxxxx
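
The following is an added example, not part of the original thread and not code from tcpdpriv or Ethereal: it rewrites a libpcap file so that IPv4 addresses are replaced by keyed pseudonyms and everything after the TCP/UDP header is cut, which removes HTTP URLs. Assumptions: Ethernet link type and IPv4 only (other frames are dropped); the names `KEY`, `pseudonym` and `anonymize_pcap` and the HMAC mapping into 10.0.0.0/8 are this example's own choices.

```python
import hashlib, hmac, pathlib, struct, sys

KEY = b"constructed-demo-key"  # assumption: a secret that is never released with the trace

def pseudonym(addr, key=KEY):
    """Stable keyed mapping of an IPv4 address into 10.0.0.0/8 (24 bits: collisions possible)."""
    return b"\x0a" + hmac.new(key, bytes(addr), hashlib.sha256).digest()[:3]

def ip_checksum(header):
    """RFC 1071 checksum; returns 0 when run over a header with a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def anonymize_pcap(data, key=KEY):
    """Return an anonymized copy of a classic libpcap file (Ethernet link type only)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "4I", data[pos:pos + 16])
        pkt = bytearray(data[pos + 16:pos + 16 + incl])
        pos += 16 + incl
        # Drop anything that is not IPv4 (ARP, for one, carries addresses too).
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[14] >> 4 != 4:
            continue
        end = 14 + (pkt[14] & 0x0F) * 4          # end of the IPv4 header
        if end < 34 or len(pkt) < end:
            continue                              # malformed or truncated header
        pkt[26:30] = pseudonym(pkt[26:30], key)   # source address
        pkt[30:34] = pseudonym(pkt[30:34], key)   # destination address
        pkt[24:26] = b"\x00\x00"                  # zero, then recompute header checksum
        pkt[24:26] = struct.pack("!H", ip_checksum(bytes(pkt[14:end])))
        # Keep the TCP/UDP header of an unfragmented or first-fragment packet and
        # cut everything after it, HTTP request lines included.
        first = struct.unpack("!H", pkt[20:22])[0] & 0x1FFF == 0
        if first and pkt[23] == 6 and len(pkt) >= end + 20:
            end += max(20, (pkt[end + 12] >> 4) * 4)
        elif first and pkt[23] == 17:
            end += 8
        out += struct.pack(endian + "4I", sec, usec, len(pkt[:end]), orig) + pkt[:end]
    return bytes(out)

if __name__ == "__main__":  # usage: anonymize.py in.pcap out.pcap
    src, dst = map(pathlib.Path, sys.argv[1:3])
    dst.write_bytes(anonymize_pcap(src.read_bytes()))
```

TCP and UDP checksums are not recomputed (they cover the addresses through the pseudo-header), so an analyzer with checksum validation enabled will flag them. MAC addresses and IP options are left as captured.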