Grégoire, André <Andre.Gregoire@...> writes:
> What is the best way to anonymize pcap files? Mainly substitute a real IP
address and mac address for a fake one.
>
> There seems to be a lot of scripts out there that change one or the other but
I am looking if something is generally accepted as best practice or tried tested
and true by this community.
I don't know of "the best way" nor do I know which might be considered "best
practice", but here are a couple of links to some tools and information that
might help you decide what to use:
http://sharkfest.wireshark.org/sharkfest.11/presentations/A-11_Bongertz-Trace_File_Anonymization.pdf
http://ask.wireshark.org/questions/844/utility-to-anonymize-capture-files
http://comments.gmane.org/gmane.network.tcpdump.devel/5106
http://wiki.wireshark.org/Tools
- Chris