Ethereal-users: Re: [ethereal-users] anonymize capture file?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 7 Sep 2000 12:35:20 -0700
On Thu, Sep 07, 2000 at 12:57:57PM +0200, Johannes Faerber wrote:
> for privacy reasons I need to anonymize captured traffic data which
> I take from a network measurement, i.e. map IP addresses to anonymous
> addresses and if possible remove HTTP URL information.
> 
> I see two direct ways of doing this:
> - I have seen tcpdpriv in the Internet Traffic Archive. Does it work
>   with ethereal capture files?

As Gilbert noted, Ethereal capture files are, by default, the same as
tcpdump capture files (one can sometimes save them in formats other than
the libpcap format used by tcpdump, but by default they'd be saved in
libpcap format), and that's the format that tcpdpriv reads as well.

I don't think it removes or obliterates passwords, HTTP URLs, etc. in
captures; I think it just modifies TCP and IP headers.