SANS ISC

[SANS ISC] Truncating Payloads and Anonymizing PCAP files

I published the following diary on isc.sans.org: “Truncating Payloads and Anonymizing PCAP files“:

Sometimes, you may need to provide PCAP files to third-party organizations like a vendor support team to investigate a problem with your network. I was looking for a small tool to anonymize network traffic but also to restrict data to packet headers (and drop the payload). Google pointed me to a tool called ‘TCPurify’… [Read more]

 

5 comments

  1. Interesting, and further more… the IP address is burried often within other packets such as HTTP headers. This won’t do the job to properly anonymize packets and retain overall pcap integrity (if required on the level on a large scale). Custom protocol parsers are needed.

    But thanks though! An extra tool is always welcome.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.