I want to make Wireshark show and save a false IP address in replacement of a real one.

In some words, we assume that Wireshark is sniffing traffic between my PC (IP1) and a server (IP2).

So is there a manner, in a low-level file for example (WinPcap? because I'm on Windows, bad things.), where we can add something like this:

If (SourceIP = RealIP) then let SourceIP = FalseIP
If (destIP = RealIP) then let SourceIP = FalseIP

By this way, all the IPs shown on the GUI interfaces, all the stored files, and all the filters will work on the new IP (the FalseIP) each time the RealIP is detected.

The problem is to know where to make these changes. If someone can help me by sending me the file to change (or the files to change) it will be very hopeful and helpful.

I'm very happy to know that someone had already met this need. I saw Jasper's presentation (SHARKFEST '11 | Stanford University | June 13–16, 201) and he said exactly what I'm looking for:

– Anonymize tracefiles while they're captured
– Modification is done between capturing the packets and writing them to disk
– Anonymization process must be fast enough to avoid drops
– Original data can't be examined as it is never written to disk

End of page 6-

1- To use PktAnon piping, Wireshark should be run like this: In this case, a false executable file (on Windows) having the same icon as Wireshark should run the command Wireshark -i eth0 -s 0 -w - | pktanon. The question here is: will all the Wireshark GUI features respect the PktAnon anonymity on the fly, in real time?

2- Making changes in dumpcap.c is maybe the better solution if it concerns all the features the Wireshark GUI proposes. For information, here is the code line (approximately) to add: capture source IP, let it = to SourceIP

If (SourceIP = IPToHide) then let SourceIP = FalseIP

But the question here is: where and how can I add the static mapping?
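The static mapping asked about above can also be applied in a pipe stage between the capture tool and the file, as in the PktAnon approach. The following is an added example, not code from Wireshark, dumpcap or PktAnon; it assumes a classic pcap stream (not pcapng) with Ethernet framing and IPv4, and the MAPPING table and its addresses are hypothetical.

```python
import socket
import struct
import sys

# Hypothetical static mapping, real IP -> false IP (constructed documentation addresses).
MAPPING = {"192.0.2.10": "10.0.0.1"}

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_frame(frame: bytes, mapping: dict) -> bytes:
    """Replace mapped source/destination IPv4 addresses in one Ethernet frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame  # not IPv4 over Ethernet, or truncated: pass through unchanged
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return frame
    hdr = bytearray(frame[14:14 + ihl])
    table = {socket.inet_aton(k): socket.inet_aton(v) for k, v in mapping.items()}
    for off in (12, 16):  # source address, then destination address
        hdr[off:off + 4] = table.get(bytes(hdr[off:off + 4]), hdr[off:off + 4])
    hdr[10:12] = b"\x00\x00"  # zero the old checksum before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return frame[:14] + bytes(hdr) + frame[14 + ihl:]

def anonymize_pcap(src, dst, mapping=MAPPING) -> int:
    """Copy a classic pcap stream from src to dst, rewriting every record."""
    ghdr = src.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(ghdr[:4])
    if endian is None or struct.unpack(endian + "I", ghdr[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    dst.write(ghdr)
    count = 0
    while len(rec := src.read(16)) == 16:
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        dst.write(rec + rewrite_frame(src.read(incl_len), mapping))
        count += 1
    dst.flush()
    return count

if __name__ == "__main__":
    anonymize_pcap(sys.stdin.buffer, sys.stdout.buffer)
```

Only the IPv4 header checksum is recomputed: TCP and UDP checksums cover the addresses through the pseudo-header and will no longer validate, and any copy of the real address inside a payload (for example in application data) is left untouched.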