Anonymizing pcaps for sharing/analysis
Hi there, I'd like to share a PCAP file for comments. How can I strip MAC address info and data so that it can safely be shared on this board?
Have a look at this blog-post by @Jasper (who wrote Tracewrangler)
Thanks!
Tracewrangler works great. The only limitation I have bumped into is that it can only remove a single VLAN tag. Use editcap to remove multiple VLAN tags.
I'll have to check into that - Tracewrangler can parse stacked VLAN tags but maybe I forgot to actually add code to remove them...
Why would people want to anonymise VLAN tags? Frankly, why would people also want to remove private IP addresses? Is there any reason why you would want to anonymise anything other than MAC addresses and payload?
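Added example, not part of the thread and not TraceWrangler or editcap code: the scrubbing the question asks for, applied to a classic (non-pcapng) Ethernet pcap. It replaces MAC addresses with keyed pseudonyms, removes every stacked VLAN tag and zeroes IPv4 TCP/UDP payload. All function names are assumptions of this example, and IP addresses, checksums, IPv6 and other protocols are left as they are.

```python
import hashlib
import struct

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ)

def pseudo_mac(mac, key):
    """Keyed hash -> stable pseudonym, forced locally administered + unicast."""
    d = hashlib.blake2b(mac, key=key, digest_size=6).digest()
    return bytes([(d[0] | 0x02) & 0xFE]) + d[1:]

def scrub_frame(frame, key):
    """Replace both MACs, drop every stacked VLAN tag, zero TCP/UDP data."""
    if len(frame) < 14:
        return frame
    off = 12
    while len(frame) >= off + 6 and struct.unpack_from("!H", frame, off)[0] in VLAN_TPIDS:
        off += 4  # skip this tag and look for another one behind it
    out = bytearray(pseudo_mac(frame[:6], key) + pseudo_mac(frame[6:12], key)
                    + frame[off:])
    if out[12:14] == b"\x08\x00" and len(out) >= 34:  # IPv4
        l4 = 14 + (out[14] & 0x0F) * 4
        data = len(out)  # default: unknown protocol, leave untouched
        if struct.unpack_from("!H", out, 20)[0] & 0x1FFF:
            data = l4  # non-first fragment: no L4 header to keep
        elif out[23] == 6 and len(out) >= l4 + 20:  # TCP
            data = l4 + (out[l4 + 12] >> 4) * 4
        elif out[23] == 17:  # UDP
            data = l4 + 8
        out[data:] = bytes(max(0, len(out) - data))
    return bytes(out)

def scrub_pcap(blob, key):
    """Rewrite a classic (not pcapng) Ethernet capture held in memory."""
    if blob[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"
    elif blob[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", blob, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    out, pos = bytearray(blob[:24]), 24
    while pos + 16 <= len(blob):
        ts_s, ts_f, incl, orig = struct.unpack_from(end + "IIII", blob, pos)
        frame = scrub_frame(blob[pos + 16:pos + 16 + incl], key)
        cut = incl - len(frame)  # VLAN tag bytes removed
        out += struct.pack(end + "IIII", ts_s, ts_f, incl - cut, orig - cut) + frame
        pos += 16 + incl
    return bytes(out)
```

Call `scrub_pcap()` on the file's bytes with a random key (for example 16 bytes from `os.urandom`) that is discarded afterwards, so the pseudonyms stay consistent within the capture but cannot be mapped back to the real addresses. Open the result in Wireshark before posting to confirm nothing sensitive remains in protocols this example does not touch.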