PCAP Sanitization Tool

kowsik kowsik at gmail.com
Wed Jun 16 20:31:48 UTC 2010

Log sanitization is a whole lot easier than packets. AFAIK, sanitizing
pcaps is an intractable problem because of various kinds of encodings
that exist within packets.


- FTP IPv4 addresses are comma separated
- DNS does label encoding of domain names (especially with pointers)
- Forwarded emails contain deeply-buried domain names and IP addresses
within gzipped, base-64 encoded MIME attachments.

So, I don't think you are going to get what you are asking for. That
said, there are tools that can strip out the payload and reassign IP
addresses and port numbers.


On Wed, Jun 16, 2010 at 10:18 AM, Michael Collins <mcollins at aleae.com> wrote:
> FLAIM: flaim.ncsa.illinois.edu
> On Jun 16, 2010, at 12:58 PM, Bein, Matthew wrote:
>> Hello,
>> Anyone know of a good tool for sanitizing PCAP files? I would like to
>> keep as much of the payload as possible but remove src and dst ip
>> information.
> Mike Collins
> mcollins at aleae.com
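
The encodings listed in the message above, shown as an added example (not part of the original post and not taken from any tool named in the thread): a leak check that looks for one IPv4 address in payload bytes under each encoding. The function names and sample payloads are constructed for illustration, and the address is from the 192.0.2.0/24 documentation range.

```python
import base64
import gzip
import ipaddress
import zlib

def encodings(ip):
    """Byte patterns under which one IPv4 address can show up inside payloads."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # DNS wire format: each label is a length byte followed by the label text.
    # A PTR name carries the octets reversed; the in-addr.arpa suffix is left
    # out of the pattern because a compression pointer may replace it.
    ptr = b"".join(bytes([len(o)]) + o.encode() for o in reversed(octets))
    return {
        "dotted": ".".join(octets).encode(),
        "ftp": ",".join(octets).encode() + b",",  # PORT/PASV: h1,h2,h3,h4,p1,p2
        "dns-ptr": ptr,
    }

def residual_hits(payload, ip):
    """Names of the encodings of `ip` that still appear in `payload`."""
    return sorted(n for n, pat in encodings(ip).items() if pat in payload)

def unwrap(payload):
    """Undo one base64 + gzip layer, as in a MIME attachment; None if it is not one."""
    try:
        return gzip.decompress(base64.b64decode(payload, validate=True))
    except (ValueError, OSError, EOFError, zlib.error):
        return None

IP = "192.0.2.10"
# Constructed sample payloads, one per bullet in the message.
FTP = b"PORT 192,0,2,10,19,137\r\n"
DNS = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"      # header, 1 question
       b"\x0210\x012\x010\x03192\x07in-addr\x04arpa\x00"       # QNAME
       b"\x00\x0c\x00\x01")                                    # QTYPE=PTR, QCLASS=IN
MIME = base64.b64encode(
    gzip.compress(b"Received: from mail.example.net [192.0.2.10]\r\n"))

if __name__ == "__main__":
    for name, data in (("ftp", FTP), ("dns", DNS), ("mime", MIME)):
        inner = unwrap(data)
        print(name, residual_hits(data, IP),
              residual_hits(inner, IP) if inner is not None else "-")
```

A rewrite of the IP header alone leaves all three payloads untouched, and the MIME sample only shows the address once the base64 and gzip layers are undone.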

More information about the NANOG mailing list