Anonymizing pcaps for sharing/analysis

retag add tags

Hi there I'd like to share a PCAP file for comments. How can I strip MAC address info and data so that it can safely shared on this boeard?

Have a look at this blog-post by @Jasper (who wrote Tracewrangler)

18.5k

SYN-bit

answered 2021-04-20 09:18:23 +0000

edit flag offensive 0 remove flag delete link

Comments

Thanks!.........

HappySailor (2021-04-20 09:25:21 +0000) edit

Tracewrangler works great. The only limitation I have bumped into is that it can only remove single VLAN tag. Use editcap to remove multiple VLAN tags.

BigFatCat (2021-04-20 12:16:28 +0000) edit

Glad to hear it worked great for you and maybe @Jasper can add Q-in-Q (or rather, recursive) vlan scrubbing :-)

SYN-bit (2021-04-21 06:11:51 +0000) edit

I'll have to check into that - Tracewrangler can parse stacked VLAN tags but maybe I forgot to actually add code to remove them...

Jasper (2021-04-21 07:47:59 +0000) edit

Why would people want to anonymise VLAN tags? Frankly, why would people want also to remove private ip addresses? Is there any reason why you would want to anonymise anything else than mac address and payload?

HappySailor (2021-04-21 08:08:54 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Anonymizing pcaps for sharing/analysis edit

Comments

1 Answer

Comments