Wireshark-users: Re: [Wireshark-users] Whitewashing Packet Traces?

From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Sat, 28 Jul 2007 16:05:49 -0500

Sounds like another possible feature request, just like Microsoft Word's
"Remove Hidden Data" Add-in.  Sanitize MAC addresses, IP addresses, and
perhaps ports.

Frank

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of J. Andrew
Kitkowski
Sent: Friday, July 27, 2007 1:29 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Whitewashing Packet Traces?

Hey all:

I'm doing some troubleshooting in a client environ,
and we're using Wireshark to analyze CIFS traffic.

Problem is, they're a secure site, and require a
whitewash/screening process on all data before they
can send to us.

In this case, the trace was taken between a W2K3
server and a NetApp filer (just between two
interfaces/IPs), and we're looking for a way we can
basically whitewash the trace.  That is, basically
replace the IPs within the trace with other IPs
(change "10.100.100.1" to "192.168.1.1") and the same
for MACs.

However, unfortunately when opening traces with vi and
the like, the IPs are not listed in plaintext.

I checked all available docs, and did some Google
hunts. Is there a way to do this, basically take a
Wireshark trace file, then edit it to "swap out" data
like IPs and MACs?

Thanks for your time.
-Andy K

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
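
Added example, not part of the original thread and not Wireshark code: the addresses are stored as raw bytes inside each frame, which is why a text editor does not show them, so the substitution has to be done per packet on the binary fields. The sketch below assumes a classic libpcap file (not pcapng) with Ethernet link type and no VLAN tags; the function names and the MAC pair are hypothetical.

```python
import socket
import struct

# IP pair from the thread's example; the MAC pair is constructed for illustration.
IP_MAP = {"10.100.100.1": "192.168.1.1"}
MAC_MAP = {"00:a0:98:00:00:02": "02:00:00:00:00:02"}

def csum(hdr):
    """RFC 1071 Internet checksum of an even-length header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _swap(buf, offsets, size, table):
    for off in offsets:                             # replace fields found in table
        old = bytes(buf[off:off + size])
        buf[off:off + size] = table.get(old, old)

def scrub_frame(frame, ips, macs):
    """Rewrite addresses in one Ethernet frame; payload bytes stay as captured."""
    b = bytearray(frame)
    _swap(b, (0, 6), 6, macs)                       # Ethernet dst, src
    if b[12:14] == b"\x08\x06" and len(b) >= 42:    # ARP repeats MACs and IPs
        _swap(b, (22, 32), 6, macs)
        _swap(b, (28, 38), 4, ips)
    elif b[12:14] == b"\x08\x00" and len(b) >= 34:  # IPv4 src, dst
        _swap(b, (26, 30), 4, ips)
        ihl = (b[14] & 0x0F) * 4
        if ihl >= 20 and len(b) >= 14 + ihl:        # header checksum covers the IPs
            b[24:26] = b"\x00\x00"
            b[24:26] = struct.pack("!H", csum(bytes(b[14:14 + ihl])))
    return bytes(b)

def scrub_pcap(data, ip_map, mac_map):
    """Scrub a classic libpcap capture (Ethernet link type) held in memory."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
           b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if end is None or len(data) < 24 or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    ips = {socket.inet_aton(k): socket.inet_aton(v) for k, v in ip_map.items()}
    macs = {bytes.fromhex(k.replace(":", "")): bytes.fromhex(v.replace(":", ""))
            for k, v in mac_map.items()}
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        incl = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        out += data[pos:pos + 16] + scrub_frame(data[pos + 16:pos + 16 + incl], ips, macs)
        pos += 16 + incl
    return bytes(out)
```

Only the IPv4 header checksum is recomputed; TCP and UDP checksums also cover the IP addresses through the pseudo-header and will no longer match after rewriting. Application payload is not touched, so any host names, paths or addresses carried inside the CIFS data itself remain and need a separate review before the trace is released.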