On Wed, May 04, 2011 at 09:44:55AM -0400, Michael Richardson wrote:
>
> > "Aaron" == Aaron Turner writes:
> Aaron> On Fri, Apr 29, 2011 at 12:20 AM, Andrej van der Zee
> Aaron> wrote:
> >> With tcprewrite you can change ips too. Not sure if it updates
> >> checksums though...
> "Aaron" == Aaron Turner writes:
Aaron> On Fri, Apr 29, 2011 at 12:20 AM, Andrej van der Zee
Aaron> wrote:
>> With tcprewrite you can change ips too. Not sure if it updates
>> checksums though... Andrej
Aaron> Yes, tcprewrite updates the relevant checksums for all edit
On Apr 30, 2011, at 12:10 PM, Aaron Turner wrote:
> Honestly, I'm not aware of any tool which covers every possibility so
I hate to even mention this, but Bro-IDS' current release (1.5.x) can do this
because as you mentioned, information is leaked through many application
protocols and you can
On 29/04/11 19:12, Guy Harris wrote:
On Apr 28, 2011, at 3:31 PM, Michael Richardson wrote:
Unless someone says that there is something else out there, I'm going to
write an (IPv4) pcap file anonymizer. I won't make the first version
efficient.
The Internet Traffic Archive has some anonymizin
On Fri, Apr 29, 2011 at 12:20 AM, Andrej van der Zee
wrote:
> With tcprewrite you can change ips too. Not sure if it updates checksums
> though...
> Andrej
Yes, tcprewrite updates the relevant checksums for all edits. It will
also edit MAC addresses in case you care that someone can figure out
On 29 apr 2011, at 09:12, Guy Harris wrote:
> On Apr 28, 2011, at 3:31 PM, Michael Richardson wrote:
>
>> Unless someone says that there is something else out there, I'm going to
>> write an (IPv4) pcap file anonymizer. I won't make the first version
>> efficient.
>
> The Internet Traffic Archi
On Thu, 2011-04-28 at 18:31 -0400, Michael Richardson wrote:
> Unless someone says that there is something else out there, I'm going to
> write an (IPv4) pcap file anonymizer. I won't make the first version
> efficient.
No point making it efficient at all, as if the sample size is large then
tra
With tcprewrite you can change ips too. Not sure if it updates checksums
though...
Andrej
>
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On Apr 28, 2011, at 3:31 PM, Michael Richardson wrote:
> Unless someone says that there is something else out there, I'm going to
> write an (IPv4) pcap file anonymizer. I won't make the first version
> efficient.
The Internet Traffic Archive has some anonymizing software:
http://ita.
Unless someone says that there is something else out there, I'm going to
write an (IPv4) pcap file anonymizer. I won't make the first version
efficient.
It will just look for up to 16 IP addresses in source/destination fields
and consistently replace them, updating the checksum.
--
] He
10 matches
Mail list logo