17 Jun
2010
17 Jun
'10
9:35 a.m.
On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said:
Bein, Matthew wrote:
Anyone know of a good tool for sanitizing PCAP files? I would like to keep as much of the payload as possible but remove src and dst ip information.
Would address anonymization work? Instead of removing src/dst ip, you can zero them.
No, if you simply zero the source and dest fields, you can't tell the difference between packets going "A->B" and "B->A", which is usually something you kind of want to keep track of.