Comment # 9
on bug 8349
from Erik Hjelmvik
(In reply to comment #8)
> (In reply to comment #7)
> > Two reasons: Privacy and Confidentiality.
> >
> > Let's say a user need to share a capture file containing a single packet in
> > order to get help with some troubleshooting. He captures traffic on his LAN
> > and filters out a single packet, which is saved to a new pcapng-file. This
> > PcapNG-file can, however, still contain several NRB entries for hosts that
> > the user didn't wanna reveal.
> >
> > Here is a real-world example, where I was able to reveal the identity of an
> > "anonymous" user who had sniffed traffic from the Great Firewall of China:
> >
> > http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-
> > MITM-on-GitHub
>
> For Privacy and Confidentiality Writing NO NRB might be a better soulution...
Yes, excluding the NRB would for sure provide better privacy, but I'm not sure
why you bring that up as a "better solution". I would find it quite unlikely
that filtered PcapNG files would be saved without any NRB entries as the
default option.
The issue here is that PcapNG files can leak sensitive information when a user
shares a PcapNG file that has been filtered to ONLY contain the packets that
he/she feels comfortable sharing. There is currently NO filtering of NRB
entires in Wirehsark!
You are receiving this mail because:
- You are watching all bug changes.