Anonymizing pcaps for sharing/analysis

HappySailor
5 ●1 ●2 ●5

Hi there I'd like to share a PCAP file for comments. How can I strip MAC address info and data so that it can safely shared on this boeard?

answered Apr 20 '1

SYN-bit

18570 ●9 ●348 ●255 https://SYN-b.it

Have a look at this blog-post by @Jasper (who wrote Tracewrangler)

link

Comments

Thanks!.........

HappySailor ( Apr 20 '1 )

Tracewrangler works great. The only limitation I have bumped into is that it can only remove single VLAN tag. Use editcap to remove multiple VLAN tags.

BigFatCat ( Apr 20 '1 )

Glad to hear it worked great for you and maybe @Jasper can add Q-in-Q (or rather, recursive) vlan scrubbing :-)

SYN-bit ( Apr 21 '1 )

I'll have to check into that - Tracewrangler can parse stacked VLAN tags but maybe I forgot to actually add code to remove them...

Jasper ( Apr 21 '1 )

Why would people want to anonymise VLAN tags? Frankly, why would people want also to remove private ip addresses? Is there any reason why you would want to anonymise anything else than mac address and payload?

HappySailor ( Apr 21 '1 )

see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Anonymizing pcaps for sharing/analysis

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Anonymizing pcaps for sharing/analysis savecancel

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Anonymizing pcaps for sharing/analysis