Wireshark-dev: Re: [Wireshark-dev] Feature Request
From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Thu, 23 Jul 2009 15:28:33 +0200
Kevin,

Yes, this is definitely worthy of a feature request. In fact, the developers have discussed this option at Sharkfest in great depth. Please feel comfortable to add it to the list.

In general, there are many caveats in implementing anonymization. It should be handled per protocol, taking into account that certain data can be segmented across multiple frames. It can be compressed or encapsulated. Certain lower layer data can be present in higher layer protocols. So in the end, if it is implemented, it should be used with great caution. A false sense of security is worse than having no security at all (which of course can be disputed ;-)).

As for masking IP addresses: of course it is easy to alter the src and dst IP addresses of packets, but what to do with the ICMP unreachable messages? And the PORT command of an FTP session? Or the X-Forwarded-For header in HTTP? And should IP addresses be changed the same way on all protocol levels?

We really need this feature IMHO, but unfortunately it is pretty complex to implement it properly.

Cheers,

Sake

PS Have a look at the bittwist "suite"; it contains bittwiste, which could alter MAC addresses, IP addresses, ports etc. of packets, so that might suit your needs, but be aware of the higher layers that might still contain the things you were trying to mask (http://bittwist.sourceforge.net/).
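
Added example, not part of the original message and not Wireshark or bittwist code: a Python check that masks only the outer IPv4 header and then scans each frame for the original address in the three other places the message names (the header quoted in an ICMP unreachable, the FTP PORT argument, an X-Forwarded-For header). All addresses, frames and function names are constructed for illustration, and the byte scan is a heuristic, not a dissector.

```python
import ipaddress
import re
import struct

# Constructed sample addresses (documentation ranges), not from the original message.
REAL, MASKED, PEER = "192.0.2.10", "10.0.0.1", "203.0.113.5"

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header + payload; checksum left 0 in this constructed sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def mask_outer_header(frame, old, new):
    """Naive masking: rewrite only src/dst in the outermost IPv4 header."""
    out = bytearray(frame)
    for off in (12, 16):
        if out[off:off + 4] == ipaddress.IPv4Address(old).packed:
            out[off:off + 4] = ipaddress.IPv4Address(new).packed
    return bytes(out)

def residual_leaks(frame, ip):
    """Encodings of `ip` still present anywhere in `frame` (heuristic byte scan)."""
    found = []
    if ipaddress.IPv4Address(ip).packed in frame:          # header quoted in an ICMP error
        found.append("raw-bytes")
    if re.search(rb"(?<![\d.])" + re.escape(ip.encode()) + rb"(?![\d.])", frame):
        found.append("dotted-ascii")                       # e.g. X-Forwarded-For
    if re.search(rb"(?<![\d,])" + re.escape(ip.replace(".", ",").encode()) + rb",", frame):
        found.append("ftp-port")                           # PORT h1,h2,h3,h4,p1,p2
    return found

def sample_frames():
    """Constructed frames for the three cases named in the message, plus a clean one."""
    tcp = bytes(20)  # zeroed TCP header stub
    quoted = ipv4(REAL, PEER, 6, b"")[:20] + bytes(8)  # original header + 8 bytes
    return {
        "icmp-unreachable": ipv4(PEER, REAL, 1, b"\x03\x03" + bytes(6) + quoted),
        "ftp-port": ipv4(REAL, PEER, 6, tcp + b"PORT 192,0,2,10,19,137\r\n"),
        "http-xff": ipv4(REAL, PEER, 6, tcp + b"GET / HTTP/1.1\r\nX-Forwarded-For: 192.0.2.10\r\n\r\n"),
        "plain": ipv4(REAL, PEER, 6, tcp + b"hello"),
    }

def audit():
    """Mask each sample the naive way, then report which encodings of REAL survive."""
    return {name: residual_leaks(mask_outer_header(f, REAL, MASKED), REAL)
            for name, f in sample_frames().items()}

if __name__ == "__main__":
    print(audit())
```

A scan like this only finds uncompressed, unsegmented occurrences in a single frame; the compressed, encapsulated and cross-frame cases from the message still need per-protocol handling.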