traceanon

Language: en

Version: 254293 (debian - 07/07/09)

Section: 1 (User commands)

NAME

traceanon - anonymise IP addresses of traces

SYNOPSIS

traceanon [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix | --prefix=prefix ] [ -c key | --cryptopan=key ] sourceuri desturi

DESCRIPTION

traceanon anonymises a trace by replacing the IP addresses found in the IP header and in any packets embedded inside an ICMP packet. It also fixes the checksums inside TCP and UDP headers.

Two anonymisation schemes are supported. The first replaces a prefix with another prefix; this can be used, for instance, to replace a /16 with the equivalent prefix from RFC1918. The other scheme is cryptopan, a prefix-preserving encryption scheme based on AES.

-s
--encrypt-source encrypt only source IP addresses.
-d
--encrypt-dest encrypt only destination IP addresses.
-p
--prefix=prefix substitute the high bits of the IP addresses with the provided prefix.
-c
--cryptopan=key encrypt the IP addresses with the prefix-preserving cryptopan method, using the key "key". The key can be up to 32 bytes long, and will be padded with NUL characters.
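
The two schemes described above, sketched as an added example that is not traceanon's or libtrace's own code. It assumes HMAC-SHA256 as a stand-in for the AES-based function cryptopan uses, so its output will not match traceanon's; the function names, the key and the sample addresses (documentation ranges) are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def substitute_prefix(addr: str, prefix: str) -> str:
    """Prefix scheme: overwrite the high bits of addr with the given network."""
    net = ipaddress.ip_network(prefix)
    host_bits = int(ipaddress.IPv4Address(addr)) & int(net.hostmask)
    return str(ipaddress.IPv4Address(int(net.network_address) | host_bits))


def _prf_bit(key: bytes, leading_bits: str) -> int:
    """One keyed pseudorandom bit derived from the leading bits seen so far.

    Assumption: HMAC-SHA256 replaces the AES-based function of real cryptopan.
    """
    return hmac.new(key, leading_bits.encode(), hashlib.sha256).digest()[0] >> 7


def prefix_preserving(addr: str, key: bytes) -> str:
    """Prefix-preserving mapping: out bit i = in bit i XOR f(in bits 0..i-1)."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = "".join(str(int(b) ^ _prf_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


# Constructed key, NUL-padded to 32 bytes as the -c option describes.
DEMO_KEY = b"constructed demo key".ljust(32, b"\0")
# Constructed address pairs sharing 24, 23 and 5 leading bits.
DEMO_PAIRS = [
    ("192.0.2.13", "192.0.2.200"),
    ("192.0.2.13", "192.0.3.1"),
    ("192.0.2.13", "198.51.100.7"),
]

if __name__ == "__main__":
    for a, b in DEMO_PAIRS:
        ea, eb = prefix_preserving(a, DEMO_KEY), prefix_preserving(b, DEMO_KEY)
        print(f"{a} {b} share {common_prefix_len(a, b)} bits -> "
              f"{ea} {eb} share {common_prefix_len(ea, eb)} bits")
    print(substitute_prefix("198.51.100.7", "10.1.0.0/16"))
```

Both schemes leave structure in the output: prefix substitution keeps the low bits of every address, and a prefix-preserving mapping keeps subnet relationships, so an anonymised trace is pseudonymised rather than unlinkable.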

EXAMPLES

 traceanon --cryptopan="fish go moo, oh yes they do" \
         --encrypt-source \
         --encrypt-dest \
         erf:/traces/unenc.gz \
         erf:/traces/enc.gz

BUGS

This software should support encrypting based on the direction/interface flag.

IP addresses inside ARP packets are not encrypted.

More details about traceanon (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO

libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracedump(1)

AUTHORS

Perry Lorier <perry@cs.waikato.ac.nz>