>I don't see any code posted for these two tools, but you may want to
>contact the people involved:
>http://www-nrg.ee.lbl.gov/LBNL-FTP-ANON.html
>http://www.ece.gatech.edu/research/labs/nsa/honeynet/tools/pcap-anon.shtml

Thanks for the links. Actually there is a lot of research going on in this 
field in the academic and industry area. I have made a collection of 
research papers and available tools in BibTeX format. If any of you is 
interested in this, write a mail to chris _at_ chrismc _dot_ de.

We (Institute for Telematics, University of Karlsruhe, Germany) are 
currently working on a flexible and extensible anonymization tool that is 
profile-based. Writing protocol parsers and assemblers is hard work and 
assembling protocols is sometimes quite complex, especially if you want to 
allow removal of data (e.g. IP options), reflect changes in new checksums, 
allow every protocol attribute to be anonymized with an arbitrary 
anonymization primitive, etc.

Having Wireshark dissectors do the parsing and assembling would be awesome, 
especially because of the huge number of protocols that Wireshark supports.

Regards,
Chris

>
>Obviously any tool has its limits and what is considered public
>information to one person is confidential to another.
>
>--
>Aaron Turner
>http://synfin.net/
>http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
>
>
>
>On 2/11/07, [Chris] NULL <[EMAIL PROTECTED]> wrote:
> > Thanks a lot for your answer. Packet trace anonymization was exactly the point
> > I am interested in :)
> >
> > Regards,
> > Chris
> >
> > > > My question is, is it possible to use the Wireshark dissectors to "build" a
> > > > trace. What I mean with this is, is it e.g. possible to change values in the
> > > > Wireshark GUI and then have Wireshark build the binary trace together? I
> > > > know that in the current version this is not possible, but my question is in
> > > > general. Is it possible to extend the Wireshark dissectors to be able to
> > > > "build" a trace?
> > >
> > >No; that feature's missing from the current version because the
> > >infrastructure for it isn't available, not because Wireshark chooses not
> > >to implement it.
> > >
> > >This is probably significantly more complicated than one might think,
> > >especially given packet reassembly.  A mechanism to do that would be
> > >useful for manually editing packets (e.g., to construct a sequence of
> > >packets to replay), as well as for the anonymization feature another
> > >person would like to implement - but it'd require architectural work.
>_______________________________________________
>Wireshark-dev mailing list
>[email protected]
>http://www.wireshark.org/mailman/listinfo/wireshark-dev
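
An added illustration of the point in Chris's message about removing IP options and reflecting the change in new checksums; this is not code from the thread, from Wireshark, or from the Karlsruhe tool. The function names, the HMAC-based address mapping, the key and the sample packet are all assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudonymize(addr: bytes, key: bytes) -> bytes:
    """Assumed primitive: keyed, consistent 4-byte mapping (not prefix-preserving)."""
    return hmac.new(key, addr, hashlib.sha256).digest()[:4]

def anonymize_ipv4(packet: bytes, key: bytes) -> bytes:
    """Strip IP options, pseudonymize both addresses, fix IHL, length, checksum."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("inconsistent header or truncated packet")
    payload = packet[ihl:total_len]
    hdr = bytearray(packet[:20])
    hdr[0] = 0x45                                    # version 4, IHL 5: options gone
    hdr[2:4] = struct.pack("!H", 20 + len(payload))  # total length shrinks too
    hdr[12:16] = pseudonymize(packet[12:16], key)
    hdr[16:20] = pseudonymize(packet[16:20], key)
    hdr[10:12] = b"\x00\x00"                         # zero the field before summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    # A TCP or UDP payload would also need its pseudo-header checksum redone,
    # because that checksum covers the IP addresses changed above.
    return bytes(hdr) + payload

def build_sample() -> bytes:
    """Constructed packet: 24-byte header (4 option bytes), protocol 253, 8-byte payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x46, 0, 32, 0x1234, 0, 64, 253, 0,
                                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])))
    hdr += b"\x01\x01\x01\x00"                       # NOP, NOP, NOP, end of options
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + b"PAYLOAD!"

if __name__ == "__main__":
    out = anonymize_ipv4(build_sample(), b"constructed-key")
    print(out[:20].hex(), "header checksum ok:", checksum(out[:20]) == 0)
```

The sample uses protocol number 253 (reserved for experimentation) so that no transport checksum is involved; a header whose checksum field is correct sums to zero, which is what the final check relies on.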
