
Anonymizing pcaps for sharing/analysis

asked 2021-04-20 08:58:29 +0000

HappySailor

Hi there, I'd like to share a PCAP file for comments. How can I strip MAC address info and data so that it can safely be shared on this board?


1 Answer


answered 2021-04-20 09:18:23 +0000

SYN-bit

Have a look at this blog-post by @Jasper (who wrote Tracewrangler)




HappySailor ( 2021-04-20 09:25:21 +0000 )

Tracewrangler works great. The only limitation I have bumped into is that it can only remove a single VLAN tag. Use editcap to remove multiple VLAN tags.

BigFatCat ( 2021-04-20 12:16:28 +0000 )

Glad to hear it worked great for you, and maybe @Jasper can add Q-in-Q (or rather, recursive) VLAN scrubbing :-)

SYN-bit ( 2021-04-21 06:11:51 +0000 )

I'll have to check into that - Tracewrangler can parse stacked VLAN tags but maybe I forgot to actually add code to remove them...

Jasper ( 2021-04-21 07:47:59 +0000 )

Why would people want to anonymise VLAN tags? Frankly, why would people also want to remove private IP addresses? Is there any reason why you would want to anonymise anything other than MAC address and payload?

HappySailor ( 2021-04-21 08:08:54 +0000 )
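
The following is an added example, not posted by anyone in the thread and not Tracewrangler or editcap code: it replaces Ethernet MAC addresses with stable pseudonyms and removes every stacked VLAN tag (the Q-in-Q case raised above) from a classic pcap file. The class name `Scrubber`, the `02:` pseudonym scheme and the TPID list are assumptions of this example.

```python
import struct

# 802.1Q, 802.1ad (Q-in-Q) and the legacy Q-in-Q TPID; assumed list for this example
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}
BROADCAST = b"\xff" * 6

class Scrubber:
    """Hypothetical helper: pseudonymise Ethernet MACs and drop all VLAN tags."""

    def __init__(self):
        self.mac_map = {}  # real MAC -> pseudonym, stable for the whole capture

    def _mac(self, mac: bytes) -> bytes:
        if mac == BROADCAST:
            return mac  # keep broadcast so ARP/DHCP exchanges stay readable
        if mac not in self.mac_map:
            # Locally administered 02:00:00:00:00:NN, numbered by first appearance.
            # Multicast MACs are mapped the same way and lose their group bit.
            self.mac_map[mac] = b"\x02" + (len(self.mac_map) + 1).to_bytes(5, "big")
        return self.mac_map[mac]

    def frame(self, frame: bytes) -> tuple[bytes, int]:
        """Return (scrubbed frame, number of tag bytes removed)."""
        if len(frame) < 12:
            # Too short to hold both MACs: blank it rather than leak a partial header
            return b"\x00" * len(frame), 0
        off = 12
        # Walk past every stacked tag, not only the outermost one.
        while len(frame) >= off + 6 and struct.unpack_from("!H", frame, off)[0] in VLAN_TPIDS:
            off += 4
        return self._mac(frame[:6]) + self._mac(frame[6:12]) + frame[off:], off - 12

    def pcap(self, data: bytes) -> bytes:
        """Scrub a classic (non-pcapng) capture held in memory."""
        endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
        if endian is None or len(data) < 24 or struct.unpack_from(endian + "I", data, 20)[0] != 1:
            raise ValueError("expected a classic pcap file with LINKTYPE_ETHERNET")
        out, pos = [data[:24]], 24
        while pos + 16 <= len(data):
            sec, usec, incl, orig = struct.unpack_from(endian + "IIII", data, pos)
            new, removed = self.frame(data[pos + 16:pos + 16 + incl])
            out += [struct.pack(endian + "IIII", sec, usec, len(new), orig - removed), new]
            pos += 16 + incl
        return b"".join(out)

if __name__ == "__main__":
    # Constructed frame: two stacked tags (0x88a8, 0x8100) in front of IPv4
    demo = bytes.fromhex("00112233445566778899aabb88a800648100000a0800") + b"data"
    print(Scrubber().frame(demo)[0].hex())
```

Only the Ethernet header is rewritten: MAC addresses carried inside ARP, DHCP or IPv6 payloads, as well as IP addresses and application data, are left untouched.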


Seen: 734 times

Last updated: Apr 21 '21