Wireshark-bugs: [Wireshark-bugs] [Bug 8349] Wireshark writes names to NRB that do not appear in

Date: Sun, 15 Sep 2013 20:31:56 +0000

Comment # 9 on bug 8349 from
(In reply to comment #8)
> (In reply to comment #7)
> > Two reasons: Privacy and Confidentiality.
> > 
> > Let's say a user need to share a capture file containing a single packet in
> > order to get help with some troubleshooting. He captures traffic on his LAN
> > and filters out a single packet, which is saved to a new pcapng-file. This
> > PcapNG-file can, however, still contain several NRB entries for hosts that
> > the user didn't wanna reveal.
> > 
> > Here is a real-world example, where I was able to reveal the identity of an
> > "anonymous" user who had sniffed traffic from the Great Firewall of China:
> > 
> > http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-
> > MITM-on-GitHub
> 
> For Privacy and Confidentiality Writing NO NRB might be a better soulution...

Yes, excluding the NRB would for sure provide better privacy, but I'm not sure
why you bring that up as a "better solution". I would find it quite unlikely
that filtered PcapNG files would be saved without any NRB entries as the
default option.

The issue here is that PcapNG files can leak sensitive information when a user
shares a PcapNG file that has been filtered to ONLY contain the packets that
he/she feels comfortable sharing. There is currently NO filtering of NRB
entires in Wirehsark!


You are receiving this mail because:
  • You are watching all bug changes.