Hi,

I learned that there is a tool that is supposed to be supporting lots and lots of protocols (including Cellular stuff apparently), called "SafePCAP". It's not free though, and I haven't tried it, so I have no idea what it can or cannot do correctly.

https://omnipacket.com/safepcap.html

Cheers,
Jasper

Thursday, June 8, 2017, 3:09:25 PM, you wrote:

> Hi Ivan
>
> I went through a similar topic some time ago. The answer is: generally speaking, no. The tools you mentioned target specific protocols, which are a few (ip/tcp/udp etc.), but they cover the majority of traffic. To go to upper layers you should know the semantics of the protocols you want to anonymize. Moreover, not all fields are straightforward to change. A 4-byte integer can be; a string, whatever its format is, is not straightforward (you could go to a change in packet len, then lengths have to be changed, etc.). And that's not all: the fields you're changing could require changes in other fields. A stupid example: a protocol with an IP + a flag that indicates whether the IP is from net 10. would require changing both.
>
> If you want to target a specific protocol, you should write a software that knows that protocol and that does the dirty work for you.
>
> Tracewrangler is the most advanced I know, but falls in the aforementioned category.
>
> Bye.
> Dario.
>
> On Wed, Jun 7, 2017 at 8:54 PM, Ivan Nardi <[email protected]> wrote:
>
> Hi
>
> There are a few publicly available tools that anonymize pcap files, but they usually target L2-L4 layers and "standard" protocols (i.e. dns, icmp,...)
>
> Is there any tool which sanitizes information carried on "3gpp" protocols (ranap, bssap, gsm_a dtap, gsm_map, sgsap...) or, at least, on some of them?
>
> I am not looking for something particularly advanced: zeroing mcc and mnc (both in imsi and in cell/location information) should be enough, even without checksum updating.
>
> The goal is to easily share some pcaps without changing them with a hex editor by hand.
>
> I know that I am asking for a very specific tool, but it's worth giving it a try...
>
> Thanks in advance
> Ivan
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
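Added example, not part of the original thread and not code from any tool named in it: a sketch of the fixed-length "zero MCC and MNC" edit Ivan asks for, done nibble by nibble so that no length field has to change (Dario's point about why integers are easy and strings are not). It assumes the 3GPP TS 24.008 layouts for the 3-octet PLMN identity and the Mobile Identity IMSI value as carried in gsm_a dtap; the MAP TBCD IMSI has no type nibble and needs a different digit mapping. Function names, offsets and sample bytes are constructed.

```python
"""Zero MCC/MNC in place in 3GPP nibble-packed fields (constructed example)."""

def zero_plmn(plmn: bytes) -> bytes:
    """Zero a 3-octet PLMN identity (first 3 octets of an LAI).

    Layout: MCC2|MCC1, MNC3|MCC3, MNC2|MNC1; MNC3 = 0xF means 2-digit MNC.
    The filler is kept so the MNC length still decodes as before.
    """
    if len(plmn) != 3:
        raise ValueError("PLMN identity must be 3 octets")
    two_digit_mnc = (plmn[1] >> 4) == 0xF
    return bytes([0x00, 0xF0 if two_digit_mnc else 0x00, 0x00])

def zero_imsi_plmn(mobile_id: bytes, mnc_len: int) -> bytes:
    """Zero the MCC+MNC digits of an IMSI in a Mobile Identity value.

    Octet 0 is digit1 | odd/even bit | type (001 = IMSI); after that each
    octet is digit(k+1) | digit(k). The IMSI does not say how long the MNC
    is, so the caller must supply mnc_len (2 or 3).
    """
    if mnc_len not in (2, 3):
        raise ValueError("mnc_len must be 2 or 3")
    if not mobile_id or (mobile_id[0] & 0x07) != 0x01:
        raise ValueError("not an IMSI mobile identity")
    out = bytearray(mobile_id)
    for k in range(1, 3 + mnc_len + 1):      # 1-based digit index
        idx = k // 2                         # octet holding digit k
        if idx >= len(out):
            raise ValueError("IMSI too short")
        out[idx] &= 0x0F if k % 2 else 0xF0  # odd digits sit in the high nibble
    return bytes(out)

def patch(frame: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite len(new) bytes at offset; frame length never changes."""
    if offset < 0 or offset + len(new) > len(frame):
        raise ValueError("field outside frame")
    return frame[:offset] + new + frame[offset + len(new):]

# Constructed samples: IMSI 262011234567890 and LAI 262-01, LAC 0x1234.
SAMPLE_IMSI = bytes.fromhex("2926102143658709")
SAMPLE_LAI = bytes.fromhex("62f2101234")

if __name__ == "__main__":
    print(zero_imsi_plmn(SAMPLE_IMSI, 2).hex())
    print(patch(SAMPLE_LAI, 0, zero_plmn(SAMPLE_LAI[:3])).hex())
```

Finding the field offsets inside each frame is still the protocol-aware part; the rest of the IMSI (the MSIN digits) and the LAC are left untouched here and may also identify a subscriber or cell.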
