Ethereal-users: Re: [ethereal-users] anonymize capture file?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: faerber@xxxxxxxxxxxxxxxxxxxx (Johannes Faerber)
Date: Fri, 8 Sep 2000 10:26:39 +0200 (METDST)

Thanks a lot for your answers!


On Sep 7, 12:35, Guy Harris wrote:
[...]
> As Gilbert noted, Ethereal capture files are, by default, the same as
> tcpdump capture files (one can sometimes save them in formats other than
> the libpcap format used by tcpdump, but by default they'd be saved in
> libpcap format), and that's the format that tcpdpriv reads as well.
>
> I don't think it removes or obliterates passwords, HTTP URLs, etc. in
> captures; I think it just modifies TCP and IP headers.
>-- End of excerpt from Guy Harris

I succeeded in running tcpdpriv under Linux (thanks to the gerald.patch)
and in fact it works well with tethereal capture files :-)

Unfortunately tcpdpriv also removes tcp payload and thus deletes all
HTTP-information. Hence, I need a different solution.


On Sep 7, 13:36, Guy Harris wrote:
> Subject: Re: [ethereal-users] anonymize capture file?
> On Thu, Sep 07, 2000 at 12:57:57PM +0200, Johannes Faerber wrote:
> > - If using output to stdout (to pipe into scripts to filter out the
> >   critical fields), tethereal does not print long HTTP fields
> >   completely (cuts after sth like 66 characters and adds "..."). Is
> >   there a possibility to make it print the complete fields?
>
> Yes, but it doesn't involve changing "tethereal.c", it involves changing
> "packet.c" to make the "format_text()" routine dynamically grow the
> string buffer into which it formats the text (i.e., it's not as if the
> top-level Tethereal code - or the HTTP dissector, for that matter - is
> making the decision to truncate stuff).

Thanks for this tip, I will look into this now!


Regards,
Johannes



--
Institute of Communication Networks and Computer Engineering (IND)
University of Stuttgart
Pfaffenwaldring 47                           Tel: +49-711-685 7968
D-70569 Stuttgart                            Fax: +49-711-685 7983
Johannes Faerber                      faerber@xxxxxxxxxxxxxxxxxxxx
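
Added example, not part of the original message and not Ethereal's code: a sketch of the approach Guy Harris describes, a text-formatting routine that grows its output buffer on demand instead of truncating long fields. The name format_text_dyn, the escaping rules and the sample header line are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a 100-character header line, longer than the ~66
 * characters after which the thread reports truncation. */
static const char SAMPLE_LINE[] =
    "User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686) "
    "constructed-sample-header-value-0123456789";

/* Hypothetical helper, not Ethereal's format_text(): returns a malloc'd,
 * NUL-terminated rendering of data[0..len) with non-printable bytes
 * escaped. The buffer grows on demand, so nothing is truncated.
 * The caller frees the result; NULL means allocation failed. */
char *format_text_dyn(const unsigned char *data, size_t len)
{
    size_t cap = 16, used = 0;
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = data[i];
        /* One byte needs at most a 4-char octal escape plus the NUL. */
        if (used + 5 > cap) {
            char *nbuf = realloc(buf, cap * 2);
            if (nbuf == NULL) { free(buf); return NULL; }
            buf = nbuf;
            cap *= 2;
        }
        if (c == '\\')      { buf[used++] = '\\'; buf[used++] = '\\'; }
        else if (c == '\r') { buf[used++] = '\\'; buf[used++] = 'r'; }
        else if (c == '\n') { buf[used++] = '\\'; buf[used++] = 'n'; }
        else if (isprint(c)) buf[used++] = (char)c;
        else used += (size_t)snprintf(buf + used, 5, "\\%03o", (unsigned)c);
    }
    buf[used] = '\0';
    return buf;
}

int main(void)
{
    char *s = format_text_dyn((const unsigned char *)SAMPLE_LINE,
                              sizeof SAMPLE_LINE - 1);
    if (s == NULL)
        return 1;
    printf("%zu chars: %s\n", strlen(s), s);
    free(s);
    return 0;
}
```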