Tool to sanitize packets

asked 2019-08-09 21:01:53 +0000

genesiusj

Hello, Is Wireshark (or one of its CLI-based programs) able to either sanitize packets (need to remove PII); or edit TCP payload to all of one character; or remove packets (without causing TCP errors in the output)? We have several captures which contain PII; there is valuable technical information that would be of benefit in resolving future issues. Therefore, we would love to keep the captures minus the PII. Thanks and God bless, Genesius

2 Answers

answered 2019-08-10 01:19:45 +0000

Ross Jacobs

Hi Genesius,

  • Sanitize: You want to use TraceWrangler, made by Wireshark Contributor Jasper Bongertz.
  • Remove TCP payload: Use editcap with a snaplen.
  • Remove packets: Filter them out with a display filter in Wireshark and then File > Export Specified Packets. In tshark, this is tshark -r $file -Y "$display_filter" -w $filtered_file.

I agree with @cmaynard that checking out the Wireshark Tools page will help you.


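For the "edit TCP payload to all of one character" option in the question, here is an added example (not part of the original answers and not a Wireshark tool) that overwrites TCP payload bytes in place, so packet lengths and sequence numbers stay consistent. It assumes a little-endian classic pcap file with Ethernet link type and IPv4; IPv6 and VLAN-tagged frames pass through unmasked, pcapng is rejected, and checksums are not recomputed. The function names and the sample packet are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def mask_frame(frame: bytes, fill: int) -> bytes:
    """Overwrite the TCP payload of one Ethernet/IPv4 frame; other frames pass through."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return frame                                   # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 6:
        return frame                                   # not TCP
    total_len, _, frag = struct.unpack_from("!HHH", frame, 16)
    tcp = 14 + ihl
    if frag & 0x1FFF:
        start = tcp                                    # later fragment: no TCP header here
    elif len(frame) >= tcp + 13:
        start = tcp + (frame[tcp + 12] >> 4) * 4       # skip TCP header and options
    else:
        return frame                                   # header cut by snaplen, no payload
    end = min(14 + total_len, len(frame))              # leave Ethernet padding alone
    if start >= end:
        return frame                                   # pure ACK/SYN/FIN, nothing to mask
    return frame[:start] + bytes([fill]) * (end - start) + frame[end:]

def mask_pcap(data: bytes, fill: int = ord("X")) -> bytes:
    """Return a copy of the capture with every TCP payload byte replaced by `fill`."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    out, pos = [data[:24]], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, pos + 8)[0]
        frame = data[pos + 16 : pos + 16 + incl_len]
        out += [data[pos : pos + 16], mask_frame(frame, fill)]  # record header unchanged
        pos += 16 + incl_len
    return b"".join(out)

def sample_pcap(payload: bytes = b"user=alice@example.com") -> bytes:
    """Constructed one-packet capture used to exercise mask_pcap()."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 0x50, 0x18, 65535, 0, 0)
    frame = eth + ip + tcp + payload
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Before sharing the output, confirm that nothing sensitive remains in headers, other protocols or name lookups, since only TCP payload bytes are touched.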

answered 2019-08-09 23:01:48 +0000

cmaynard

You can refer to the Wireshark Tools wiki page for a list of some tools that may meet your needs.



Asked: 2019-08-09 21:01:53 +0000

Seen: 2,338 times

Last updated: Aug 10 '19