Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

.pcap Scrubbing

Post a reply

:
In an effort to prevent automatic submissions, we require that you enter the letters that are written in red.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: .pcap Scrubbing

Re: .pcap Scrubbing

Post by parityboy » Mon Mar 02, 2015 11:03 pm

@PJ

Done. :D

Re migrating data to cleanVPN.org

Post by Pattern_Juggled » Mon Mar 02, 2015 11:41 am

Quick note: let's move as much of this as we can out to the public cleanVPN subforum or, better yet, github repository.

I'm badly, badly behind on all sorts of administrative tasks, and thus a bottleneck in many areas. If you've got a github account, please let me know and I'll read you in w/ commit privileges in the github repo so we can work on this as a team. I can't carry this solo, nor even with the rest of the cstorm team... it's too big, and still growing.

Cheers,

~ pj

Re: .pcap Scrubbing

Post by parityboy » Sat Feb 21, 2015 8:03 pm

@OP

Many thanks for bringing this up, it galvanised me into exercising my StartPage-fu. :P Check this out. :)

It happens pretty often that I’ll come across an interesting PCAP file that I want to share with others. Unfortunately, divulging these packet captures can give away certain sensitive information such as an organizations internal IP range, IP addresses of sensitive company assets, MAC addresses of critical hardware that could identify the product vendors, and more.

Fortunately, there is a tool which helps alleviate some of these issues. The tool is called Tcprewrite and is actually a part of the Tcpreplay suite. Tcpreplay is used to send packets from a PCAP back across the wire, but the suite actually contains a few other useful tools.Tcprewrite itself can be used to add and modify packet fields within PCAP files.


It looks like a Linux/UNIX tool. I'm not sure if there's a Windows version/equivalent.

.pcap Scrubbing

Post by FalsNameMcAlias » Sat Feb 21, 2015 2:37 am

Hi everyone, I have a problem that I think is relevant to quite a few people that should be discussed here. Mainly, the fact that I'm more than happy to provide .pcap files to help out cryptostorm, but I also would rather not give away any personal information inside said pcap files. I'm sure many other people are having this issue, but I think there is a solution that could help out all of us. Is it possible to make a script that will scub all personal information such as irrelevant IP addresses and such out of a pcap file? I feel that this would help people like me who want to help cryptostorm out as much as they can, but don't want to give away any potentially damning info inside these little packets. Cheers!

Top

Nothing to display.

Login