Wireshark-users: Re: [Wireshark-users] Whitewashing Packet Traces?
From: "DAIGLE, ANDREW PAUL" <adaig90@xxxxxxxxxxx>
Date: Fri, 27 Jul 2007 13:58:22 -0500
WildPackets.com used to sell a utility called "PacketScrubber" that does
this. The problem is they stopped selling it a few years ago. You might
try calling them to see if they can tell you how to obtain a copy.

Andrew

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of J. Andrew
Kitkowski
Sent: Friday, July 27, 2007 1:29 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Whitewashing Packet Traces?

Hey all:

I'm doing some troubleshooting in a client environ,
and we're using Wireshark to analyze CIFS traffic.

Problem is, they're a secure site, and require a
whitewash/screening process on all data before they
can send to us.

In this case, the trace was taken between a W2K3
server and a Netapp filer (just between two
interfaces/IPs), and we're looking for a way we can
basically whitewash the trace.  That is, basically
replace the IPs within the trace with other IPs
(change "10.100.100.1" to "192.168.1.1") and the same
for MACs.  

However, unfortunately when opening traces with vi and
the like, the IPs are not listed in plaintext.

I checked all available docs, and did some google
hunts. Is there a way to do this, basically take a
Wireshark trace file, then edit it to "swap out" data
like IPs and MACs?

Thanks for your time.
-Andy K


 
________________________________________________________________________
____________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user
panel and lay it on us.
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users