Wireshark · Wireshark-users: Re: [Wireshark-users] Anonymising PCAP files with Wireshark?

Wireshark-users: Re: [Wireshark-users] Anonymising PCAP files with Wireshark?

From: Chris Maynard <Chris.Maynard@xxxxxxxxx>

Date: Wed, 25 Jan 2012 15:11:17 +0000 (UTC)

Grégoire, André <Andre.Gregoire@...> writes:

> What is the best way to anonymize pcap files? Mainly substitute a real IP
address and mac address for a fake one.
>  
> There seems to be a lot of scripts out there that change one or the other but
I am looking if something is generally accepted as best practice or tried tested
and true by this community. 

I don't know of "the best way" nor do I know which might be considered "best
practice", but here are a couple of links to some tools and information that
might help you decide what to use:

http://sharkfest.wireshark.org/sharkfest.11/presentations/A-11_Bongertz-Trace_File_Anonymization.pdf

http://ask.wireshark.org/questions/844/utility-to-anonymize-capture-files

http://comments.gmane.org/gmane.network.tcpdump.devel/5106

http://wiki.wireshark.org/Tools

- Chris

References:
- [Wireshark-users] Anonymising PCAP files with Wireshark?
  - From: Grégoire , André

Prev by Date: [Wireshark-users] Anonymising PCAP files with Wireshark?
Next by Date: Re: [Wireshark-users] Wireshark-users] Nvidia MCP onboard wired 10/100/1000 NIC
Previous by thread: [Wireshark-users] Anonymising PCAP files with Wireshark?
Next by thread: Re: [Wireshark-users] Anonymising PCAP files with Wireshark?
Index(es):
- Date
- Thread