Re: [Openpacket-devel] OpenPacket.org RC1
From: CS L. <ge...@gm...> - 2008-01-09 01:01:04
Hi James,

What do you mean by writing a shell script to anonymize pcaps you want to contribute? Good point that it should be the user's responsibility to anonymize pcaps, so that the moderators won't be suspected if anything happens. Certain packet attributes should be anonymized, such as:

Link Layer: source and destination MAC address
Network Layer: source and destination IP address
Transport Layer: usually none, ICMP message maybe
Payload: dependent

If the payload contains confidential information then it should be anonymized, or else it should be fine. To get most of the job done, I have covered them here -

http://geek00l.blogspot.com/search?q=bittwiste

I think for link layer address modification, the latest bittwiste can do it very well now. Payload-wise, you can use bittwiste too, or if you prefer a GUI, netdude and some other tools such as tcpreplay. If you have already tried out the rawpacket HeX liveCD, we have all the tools categorized under Pcap-Editor where you can use them.

If Richard thinks it is necessary to write up a tutorial or short guide for pcap anonymization, I can take it by rearranging my writeup in my blog, or maybe we can do a screencast for that particular purpose.

Cheers ;]

On Jan 9, 2008 1:23 AM, Richard Bejtlich <tao...@gm...> wrote:
> On Jan 8, 2008 11:19 AM, James Pleger <jp...@gm...> wrote:
> > I agree that it should be the user's responsibility, however... To ease the
> > burden of doing this (for me, I would have to write a small shell script to
> > anonymize pcaps if I wanted to contribute a good deal of pcaps.
>
> Regarding anonymization -- I will prepare (or if someone else beats me
> to it, please do) a guide for anonymizing traces and links and demos to
> existing software. Please keep in mind I intend to follow the
> guidelines I posted here:
>
> http://openpacket.sourceforge.net/openpacket_req_doc_draft_21jul06.pdf
>
> OpenPacket.org moderators will not be responsible for anonymizing
> traces. It's too much of a burden in many ways.
>
> Thank you,
>
> Richard

--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
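The link-layer and network-layer rewriting listed in the message above, as an added example that is not from the thread and is not bittwiste's code: the function names and the substitute address ranges (02:00:00:xx:xx:xx and 10.0.0.x) are assumptions, and it handles classic pcap files with Ethernet/IPv4 frames only. Payloads and TCP/UDP checksums (which cover the IP addresses) are left untouched.

```python
import struct

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 ones-complement checksum over an IPv4 header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def anonymize_pcap(data: bytes) -> bytes:
    """Rewrite MAC and IPv4 addresses in a classic pcap with Ethernet frames."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    macs, ips = {}, {}
    # Same real address -> same substitute, so flows stay recognisable.
    def mac(m): return macs.setdefault(m, b"\x02\x00\x00" + len(macs).to_bytes(3, "big"))
    def ip(a): return ips.setdefault(a, (0x0A000001 + len(ips)).to_bytes(4, "big"))
    out, off = bytearray(data[:24]), 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = bytearray(data[off + 16:off + 16 + incl])
        if len(pkt) >= 14:  # link layer: destination then source MAC
            pkt[0:6], pkt[6:12] = mac(bytes(pkt[0:6])), mac(bytes(pkt[6:12]))
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        if pkt[12:14] == b"\x08\x00" and ihl >= 20 and len(pkt) >= 14 + ihl:
            pkt[26:30], pkt[30:34] = ip(bytes(pkt[26:30])), ip(bytes(pkt[30:34]))
            pkt[24:26] = b"\x00\x00"  # zero, then recompute the header checksum
            pkt[24:26] = struct.pack("!H", ip_checksum(bytes(pkt[14:14 + ihl])))
        out += data[off:off + 16] + pkt  # record header is kept as-is
        off += 16 + incl
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed input: one Ethernet/IPv4/UDP frame with made-up addresses."""
    iph = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])))
    iph[10:12] = struct.pack("!H", ip_checksum(bytes(iph)))
    frame = (bytes.fromhex("00112233445566778899aabb0800") + bytes(iph)
             + struct.pack("!HHHH", 5353, 53, 8, 0))  # UDP, checksum 0 = unused
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Record timestamps are copied unchanged, so capture times remain in the output file.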