Comment # 7
on bug 8349
from Erik Hjelmvik
(In reply to comment #6)
> > That's too bad. Seems as if there is a need for a new fix, which would
> > remove any NRB entries for IPs that aren't in the frames being saved to disk.
>
> Why would that be a requirement? I think it my be costly performance wise
> to match the name resolution table to IP addresses in the capture at save so
> if it's to be done there has to be a good reason.
Two reasons: Privacy and Confidentiality.
Let's say a user need to share a capture file containing a single packet in
order to get help with some troubleshooting. He captures traffic on his LAN and
filters out a single packet, which is saved to a new pcapng-file. This
PcapNG-file can, however, still contain several NRB entries for hosts that the
user didn't wanna reveal.
Here is a real-world example, where I was able to reveal the identity of an
"anonymous" user who had sniffed traffic from the Great Firewall of China:
http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-MITM-on-GitHub
You are receiving this mail because:
- You are watching all bug changes.