Wireshark-bugs: [Wireshark-bugs] [Bug 8349] Wireshark writes names to NRB that do not appear in

Date: Thu, 04 Apr 2013 19:06:17 +0000

Comment # 8 on bug 8349 from
(In reply to comment #7)
> (In reply to comment #6)
> > > That's too bad. Seems as if there is a need for a new fix, which would
> > > remove any NRB entries for IPs that aren't in the frames being saved to disk.
> > 
> > Why would that be a requirement? I think it may be costly performance-wise
> > to match the name resolution table to IP addresses in the capture at save so
> > if it's to be done there has to be a good reason.
> 
> Two reasons: Privacy and Confidentiality.
> 
> Let's say a user needs to share a capture file containing a single packet in
> order to get help with some troubleshooting. He captures traffic on his LAN
> and filters out a single packet, which is saved to a new pcapng-file. This
> PcapNG-file can, however, still contain several NRB entries for hosts that
> the user didn't wanna reveal.
> 
> Here is a real-world example, where I was able to reveal the identity of an
> "anonymous" user who had sniffed traffic from the Great Firewall of China:
> 
> http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-MITM-on-GitHub

For Privacy and Confidentiality, writing NO NRB might be a better solution...


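A check for the leak discussed in this thread, added here as an illustration (it is not part of the bug comments or of Wireshark's code): it lists the NRB name records in a pcapng file whose address is not the source or destination of any saved packet. The function names are made up for this example, and it assumes untagged Ethernet frames on every interface.

```python
import struct
from ipaddress import ip_address

EPB, NRB = 6, 4  # pcapng block types: Enhanced Packet, Name Resolution

def blocks(data):
    """Yield (type, body, endian) per block; endianness is reset by each SHB."""
    off, en = 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # Section Header Block
            en = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(en + "II", data, off)
        if blen < 12 or off + blen > len(data):
            raise ValueError("corrupt block at offset %d" % off)
        yield btype, data[off + 8:off + blen - 4], en
        off += blen

def nrb_names(body, en):
    """Yield (ip, hostname) from the IPv4 (1) and IPv6 (2) records of an NRB."""
    off = 0
    while off + 4 <= len(body):
        rtype, rlen = struct.unpack_from(en + "HH", body, off)
        if rtype == 0:  # nrb_record_end; only options may follow
            return
        alen = {1: 4, 2: 16}.get(rtype, 0)
        val = body[off + 4:off + 4 + rlen]
        if alen and len(val) > alen:
            for name in filter(None, val[alen:].split(b"\0")):
                yield str(ip_address(val[:alen])), name.decode("utf-8", "replace")
        off += 4 + (rlen + 3) // 4 * 4  # records are padded to 32 bits

def packet_ips(body, en):
    """Source/destination IPs of one EPB (assumption: untagged Ethernet)."""
    pkt = body[20:20 + struct.unpack_from(en + "I", body, 12)[0]]
    start, n = {b"\x08\x00": (26, 4), b"\x86\xdd": (22, 16)}.get(pkt[12:14], (0, 0))
    if not n or len(pkt) < start + 2 * n:
        return set()
    return {str(ip_address(pkt[start + i:start + i + n])) for i in (0, n)}

def orphan_names(data):
    """NRB entries whose address is not a src/dst of any saved packet."""
    seen, names = set(), []
    for btype, body, en in blocks(data):
        if btype == EPB:
            seen |= packet_ips(body, en)
        elif btype == NRB:
            names.extend(nrb_names(body, en))
    return sorted({n for n in names if n[0] not in seen})
```

Call it as `orphan_names(open(path, "rb").read())` on a file before sharing it. Addresses that appear only inside payloads (for example in DNS answers or ARP) are not counted as present.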