PCAP Sanitization Tool

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jun 17 13:35:40 UTC 2010

On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said:
> Bein, Matthew wrote:
> > Anyone know of a good tool for sanitizing PCAP files? I would like to
> > keep as much of the payload as possible but remove src and dst ip
> > information. 

> Would address anonymization work? Instead of removing src/dst ip, you
> can zero them.

No, if you simply zero the source and dest fields, you can't tell the difference
between packets going "A->B" and "B->A", which is usually something you kind
of want to keep track of.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100617/a9abf6a1/attachment.sig>

More information about the NANOG mailing list