
.pcap Scrubbing

Encouraging best practices in the VPN industry via independent, community-certified verification of clean installers and clean basic service operations. Let's reward the good, and make the bad a little bit less tempting.
Topic Author
FalsNameMcAlias
Postby FalsNameMcAlias » Sat Feb 21, 2015 2:37 am

Hi everyone, I have a problem that I think is relevant to quite a few people that should be discussed here. Mainly, the fact that I'm more than happy to provide .pcap files to help out cryptostorm, but I also would rather not give away any personal information inside said pcap files. I'm sure many other people are having this issue, but I think there is a solution that could help out all of us. Is it possible to make a script that will scrub all personal information such as irrelevant IP addresses and such out of a pcap file? I feel that this would help people like me who want to help cryptostorm out as much as they can, but don't want to give away any potentially damning info inside these little packets. Cheers!

parityboy
Site Admin

Re: .pcap Scrubbing

Postby parityboy » Sat Feb 21, 2015 8:03 pm

@OP

Many thanks for bringing this up, it galvanised me into exercising my StartPage-fu. :P Check this out. :)

It happens pretty often that I’ll come across an interesting PCAP file that I want to share with others. Unfortunately, divulging these packet captures can give away certain sensitive information such as an organization's internal IP range, IP addresses of sensitive company assets, MAC addresses of critical hardware that could identify the product vendors, and more.

Fortunately, there is a tool which helps alleviate some of these issues. The tool is called Tcprewrite and is actually a part of the Tcpreplay suite. Tcpreplay is used to send packets from a PCAP back across the wire, but the suite actually contains a few other useful tools. Tcprewrite itself can be used to add and modify packet fields within PCAP files.


It looks like a Linux/UNIX tool. I'm not sure if there's a Windows version/equivalent.
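For readers without the Tcpreplay suite, the kind of scrubbing script asked about in this thread can be sketched in portable Python; this is an added example, not part of either post and not Tcprewrite's own algorithm. It assumes a classic (non-pcapng) Ethernet capture, and the function names and the keyed HMAC mapping into 10.0.0.0/8 are choices made for this example. It drops anything that is not IPv4, and it leaves payload bytes and TCP/UDP checksums as they were, so identifying data inside the payload is not removed.

```python
import hashlib, hmac, struct

def pseudo(value: bytes, key: bytes, prefix: bytes) -> bytes:
    """Keyed, stable pseudonym: the same value and key always map to the same output."""
    digest = hmac.new(key, value, hashlib.sha256).digest()
    return prefix + digest[:len(value) - len(prefix)]

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def scrub_frame(frame: bytes, key: bytes):
    """Return the frame with MACs and IPv4 addresses replaced, or None to drop it."""
    ihl = (frame[14] & 0x0F) * 4 if len(frame) >= 34 else 0
    if frame[12:14] != b"\x08\x00" or ihl < 20 or len(frame) < 14 + ihl:
        return None  # ARP, IPv6, VLAN, runts: dropped rather than passed through
    macs = b"".join(pseudo(frame[i:i + 6], key, b"\x02") for i in (0, 6))
    hdr = bytearray(frame[14:14 + ihl])
    for off in (12, 16):  # source, then destination address -> 10.0.0.0/8
        hdr[off:off + 4] = pseudo(bytes(hdr[off:off + 4]), key, b"\x0a")
    # Recompute the header checksum with its own field counted as zero.
    hdr[10:12] = struct.pack("!H", ip_checksum(hdr[:10] + b"\0\0" + hdr[12:]))
    return macs + frame[12:14] + bytes(hdr) + frame[14 + ihl:]

def scrub_pcap(data: bytes, key: bytes) -> bytes:
    """Scrub a classic (non-pcapng) Ethernet capture held in memory."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with linktype 1 (Ethernet)")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        ts_s, ts_us, incl, orig = struct.unpack(end + "4I", data[pos:pos + 16])
        frame = scrub_frame(data[pos + 16:pos + 16 + incl], key)
        if frame is not None and len(frame) == incl:  # skip a truncated last record
            out += struct.pack(end + "4I", ts_s, ts_us, incl, orig) + frame
        pos += 16 + incl
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed input: one UDP frame 192.168.1.23 -> 8.8.8.8, then one ARP frame."""
    ip = bytearray(bytes.fromhex("4500001c 00010000 40110000 c0a80117 08080808"))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    eth = bytes.fromhex("001122334455 66778899aabb")
    udp = struct.pack("!HHHH", 5353, 53, 8, 0)
    frames = [eth + b"\x08\x00" + bytes(ip) + udp, eth + b"\x08\x06" + bytes(28)]
    recs = b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs
```

Use a fresh random key for each capture (for example from `os.urandom(32)`) and do not share it: the mapping stays consistent within the file so flows remain readable, but whoever receives the file cannot recompute it from guessed addresses.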

Pattern_Juggled

Re migrating data to cleanVPN.org

Postby Pattern_Juggled » Mon Mar 02, 2015 11:41 am

Quick note: let's move as much of this as we can out to the public cleanVPN subforum or, better yet, github repository.

I'm badly, badly behind on all sorts of administrative tasks, and thus a bottleneck in many areas. If you've got a github account, please let me know and I'll read you in w/ commit privileges in the github repo so we can work on this as a team. I can't carry this solo, nor even with the rest of the cstorm team... it's too big, and still growing.

Cheers,

~ pj