Wireshark-bugs: [Wireshark-bugs] [Bug 8349] Wireshark writes names to NRB that do not appear in

Date: Sun, 15 Sep 2013 21:37:59 +0000

Comment # 10 on bug 8349 from
(In reply to comment #9)
> (In reply to comment #8)
> > (In reply to comment #7)
> > > Two reasons: Privacy and Confidentiality.
> > > 
> > > Let's say a user needs to share a capture file containing a single packet in
> > > order to get help with some troubleshooting. He captures traffic on his LAN
> > > and filters out a single packet, which is saved to a new pcapng-file. This
> > > PcapNG-file can, however, still contain several NRB entries for hosts that
> > > the user didn't wanna reveal.
> > > 
> > > Here is a real-world example, where I was able to reveal the identity of an
> > > "anonymous" user who had sniffed traffic from the Great Firewall of China:
> > > 
> > > http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-MITM-on-GitHub
> > 
> > For Privacy and Confidentiality Writing NO NRB might be a better solution...
> 
> Yes, excluding the NRB would for sure provide better privacy, but I'm not
> sure why you bring that up as a "better solution". I would find it quite
> unlikely that filtered PcapNG files would be saved without any NRB entries
> as the default option.

Well it could be made to be the default if that's desired.


> 
> The issue here is that PcapNG files can leak sensitive information when a
> user shares a PcapNG file that has been filtered to ONLY contain the packets
> that he/she feels comfortable sharing. There is currently NO filtering of
> NRB entries in Wireshark!

No, because that's difficult to implement and may impact performance severely;
it's easier to implement an option to not write NRBs with the desired
default.


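To check what a filtered file would still reveal before sharing it, the NRB records can be listed straight from the pcapng bytes. The following is an added example, not part of the bug comment or of Wireshark's code; the function names (`nrb_names`, `leaked`) and the sample file bytes are constructed for illustration.

```python
import ipaddress
import struct

# Added example: names below are illustrative, not Wireshark APIs.
NRB = 0x00000004
ADDR_LEN = {1: 4, 2: 16}  # nrb_record_ipv4, nrb_record_ipv6

def _records(body, bo):
    """Yield (ip, name) pairs from one NRB body; stops at nrb_record_end."""
    off = 0
    while off + 4 <= len(body):
        rtype, rlen = struct.unpack_from(bo + "HH", body, off)
        if rtype == 0:
            break
        value, alen = body[off + 4:off + 4 + rlen], ADDR_LEN.get(rtype)
        if alen and len(value) > alen:
            ip = str(ipaddress.ip_address(value[:alen]))
            for name in filter(None, value[alen:].split(b"\x00")):
                yield ip, name.decode("utf-8", "replace")
        off += 4 + (rlen + 3) // 4 * 4  # record values are padded to 32 bits

def nrb_names(data):
    """Return every (ip, hostname) stored in the NRBs of pcapng bytes."""
    found, pos, bo = [], 0, "<"
    while pos + 12 <= len(data):
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":  # SHB sets the byte order
            bo = "<" if data[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(bo + "II", data, pos)
        if blen < 12 or pos + blen > len(data):
            raise ValueError(f"corrupt block at offset {pos}")
        if btype == NRB:
            found.extend(_records(data[pos + 8:pos + blen - 4], bo))
        pos += blen
    return found

def leaked(data, packet_ips):
    """NRB entries whose address is not among the packets being shared."""
    return [(ip, n) for ip, n in nrb_names(data) if ip not in packet_ips]

# Constructed sample: an SHB followed by one NRB holding two IPv4 records.
def _block(btype, body):
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)
def _rec(addr, name):
    val = bytes(addr) + name + b"\x00"
    return struct.pack("<HH", 1, len(val)) + val + b"\x00" * (-len(val) % 4)

SAMPLE = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)) + _block(
    NRB, _rec([192, 0, 2, 10], b"shared.example")
    + _rec([192, 0, 2, 77], b"private-laptop.example") + struct.pack("<HH", 0, 0))
```

Calling `leaked(SAMPLE, {"192.0.2.10"})` returns the one entry whose address is outside the set of packet addresses the user intended to share.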