Re: [Openpacket-devel] OpenPacket.org RC1
From: James P. <jp...@gm...> - 2008-01-09 01:24:51
Just writing a small shell script that would call the correct tcpreplay functions to anonymize pcaps... It would be quite simple.

An example of the commands in tcpreplay to anonymize a pcap is located at: http://sheeple.us/?p=38

On Jan 8, 2008 6:00 PM, CS Lee <ge...@gm...> wrote:
> Hi James,
>
> What do you mean by writing shell script to anonymize pcaps you want to
> contribute?
>
> Good point where it should be users responsibility to anonymize pcap is so
> that the moderators won't be suspected if anything happens. Certain packet
> attributes should be anonymized such as -
>
> Link Layer: source and destination mac address
> Network Layer: source and destination ip address
> Transport Layer: usually none, icmp message maybe
> Payload: dependent
>
> If the payload contains confidential information then it should be
> anonymized or else it should be fine. To get most of the job done, I have
> covered them here -
>
> http://geek00l.blogspot.com/search?q=bittwiste
>
> I think for link layer address modification, the latest bittwiste can do
> it very well now. For payload wise, you can use bittwiste too or if you
> prefer gui - netdude and some other tools such as tcpreplay.
>
> If you have already tried out the rawpacket HeX liveCD, we have all the
> tools categorized under Pcap-Editor where you can use it.
>
> If Richard thinks it is necessary to write up tutorial or short guide for
> pcap anonymization, I can take it by rearranging my writeup in blog or maybe
> we can do the screencast for that particular purpose.
>
> Cheers ;]
>
>
> On Jan 9, 2008 1:23 AM, Richard Bejtlich <tao...@gm...> wrote:
>
> > On Jan 8, 2008 11:19 AM, James Pleger <jp...@gm...> wrote:
> > > I agree that it should be the users responsibility, however... To ease the
> > > burden of doing this(for me, i would have to write a small shell script to
> > > anonymize pcaps if I wanted to contribute a good deal of pcaps.
> > >
> >
> > Regarding anonymization -- I will prepare (or if someone else beats me
> > to it, please do) a guide for anonymizing traces and links and demos to
> > existing software. Please keep in mind I intend to follow the
> > guidelines I posted here:
> >
> > http://openpacket.sourceforge.net/openpacket_req_doc_draft_21jul06.pdf
> >
> > OpenPacket.org moderators will not be responsible for anonymizing
> > traces. It's too much of a burden in many ways.
> >
> > Thank you,
> >
> > Richard
> >
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com

--
James Pleger
p: 623.298.7966
e: jp...@gm...
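Added example, not part of the original thread and not the script or tools the posters refer to: the link-layer and network-layer rewriting listed in the quoted message, done in Python with only the standard library, with the IPv4, TCP and UDP checksums adjusted so the rewritten trace still validates. The function names, the HMAC-based pseudonym scheme and the `02:` / `10.` prefixes are choices made for this example. It assumes a classic (non-pcapng) capture of untagged Ethernet; ARP bodies, IPv6, VLAN-tagged frames, headers quoted inside ICMP errors and all payloads are left as captured and still need separate handling.

```python
import hashlib
import hmac
import struct

def pseudonym(key, value, prefix):
    # Scheme chosen for this example (not from the thread): keyed hash, so one
    # real address always maps to the same fake one, irreversible without key.
    digest = hmac.new(key, value, hashlib.sha256).digest()
    return prefix + digest[:len(value) - len(prefix)]

def patch_csum(frame, off, old, new, udp=False):
    # RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), 16 bits at a time.
    csum = int.from_bytes(frame[off:off + 2], "big")
    if off + 2 > len(frame) or (udp and csum == 0):
        return  # truncated capture, or UDP sent without a checksum
    total = ~csum & 0xFFFF
    for i in range(0, len(old), 2):
        total += ~int.from_bytes(old[i:i + 2], "big") & 0xFFFF
        total += int.from_bytes(new[i:i + 2], "big")
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    csum = ~total & 0xFFFF
    frame[off:off + 2] = (csum or 0xFFFF if udp else csum).to_bytes(2, "big")

def anonymize_pcap(data, key):
    """Return a classic Ethernet pcap with MAC and IPv4 addresses replaced."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or data[20:24] != struct.pack(endian + "I", 1):
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frame = bytearray(data[pos + 16:pos + 16 + incl_len])
        out += data[pos:pos + 16]  # timestamps and lengths stay as captured
        pos += 16 + incl_len
        if len(frame) >= 14:
            for off in (0, 6):  # destination MAC, then source MAC
                frame[off:off + 6] = pseudonym(key, bytes(frame[off:off + 6]), b"\x02")
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            old = bytes(frame[26:34])  # source + destination IPv4 address
            new = b"".join(pseudonym(key, old[i:i + 4], b"\x0a") for i in (0, 4))
            frame[26:34] = new
            patch_csum(frame, 24, old, new)  # IPv4 header checksum
            ihl = (frame[14] & 0x0F) * 4
            first_frag = struct.unpack(">H", frame[20:22])[0] & 0x1FFF == 0
            l4 = {6: 16, 17: 6}.get(frame[23])  # TCP / UDP checksum offset
            if first_frag and l4:
                patch_csum(frame, 14 + ihl + l4, old, new, udp=frame[23] == 17)
        out += frame
    return bytes(out)
```

Broadcast and multicast MAC addresses are mapped to unicast pseudonyms like any other address, and record timestamps are not altered.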