Wireshark-dev: Re: [Wireshark-dev] Using wireshark protocol parsers to build packets
I don't see any code posted for these two tools, but you may want to
contact the people involved:
http://www-nrg.ee.lbl.gov/LBNL-FTP-ANON.html
http://www.ece.gatech.edu/research/labs/nsa/honeynet/tools/pcap-anon.shtml
Thanks for the links. Actually there is a lot of research going on in this
field in the academic and industry area. I have made a collection of
research papers and available tools in BibTeX format. If any of you is
interested in this, write a mail to chris _at_ chrismc _dot_ de.
We (Institute for Telematics, University of Karlsruhe, Germany) are
currently working on a flexible and extensible anonymization tool that works
profile based. Writing protocol parsers and assemblers is hard work and
assembling protocols is sometimes quite complex, especially if you want to
allow removal of data (e.g. IP options), reflect changes in new checksums,
allow every protocol attribute to be anonymized with an arbitrary
anonymization primitive, etc.
Having Wireshark dissectors do the parsing and assembling would be awesome,
especially because of the huge amount of protocols that Wireshark supports.
Regards,
Chris
Obviously any tool has its limits and what is considered public
information to one person is confidential to another.
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
On 2/11/07, [Chris] NULL <chrismc912@xxxxxxxxxxx> wrote:
> Thanks a lot for your answer. Packet trace anonymization was exactly the
> point I am interested in :)
>
> Regards,
> Chris
>
> > > My question is, is it possible to use the Wireshark dissectors to
> > > "build" a trace. What I mean with this is, is it e.g. possible to
> > > change values in the Wireshark GUI and then have Wireshark build the
> > > binary trace together? I know that in the current version this is not
> > > possible, but my question is in general. Is it possible to extend the
> > > Wireshark dissectors to be able to "build" a trace?
> >
> >No; that feature's missing from the current version because the
> >infrastructure for it isn't available, not because Wireshark chooses
> >not to implement it.
> >
> >This is probably significantly more complicated than one might think,
> >especially given packet reassembly. A mechanism to do that would be
> >useful for manually editing packets (e.g., to construct a sequence of
> >packets to replay), as well as for the anonymization feature another
> >person would like to implement - but it'd require architectural work.