Sanitize

Description
Sanitize is a collection of five (simple) Bourne shell scripts for reducing tcpdump traces in order to address security and privacy concerns, by renumbering hosts and stripping out packet contents. Each script takes as input a tcpdump trace file and generates to stdout a reduced, ASCII file in fixed-column format. The scripts are:


The reductions performed by the scripts vary depending on the type of traffic. For example, reduced TCP traffic retains the packet size (amount of user data), while other reduced traffic does not. See Limitations below for details.
Requirements
The scripts are written using Bourne shell, tcpdump, and the common Unix utilities sed and awk. The author believes the scripts work with "old" awk, but it's possible that recent changes to the scripts have broken this. The scripts definitely work with "new" awk.
Limitations
The scripts discard all packet contents. The size of the packet data contents is retained only for TCP traffic. For encapsulated IP traffic (usually MBone), and for non-TCP, non-UDP, non-encap-IP traffic, only timestamps are generated. The script for reducing TCP SYN/FIN/RST packets is separate from the one for reducing all TCP packets, so the host renumbering performed by each will be independent.
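The independent renumbering described above means a host number in one reduced file cannot be matched to the same number in another. The following sketch is an added example, not Sanitize's own code: the function names, the output columns and the input format (modern `tcpdump -n -tt` text for TCP over IPv4) are assumptions, and the sample trace is constructed.

```shell
#!/bin/sh
# Added example, not Sanitize's own code. Assumed input line format:
#   <ts> IP <src>.<sport> > <dst>.<dport>: Flags [<f>], ..., length <n>

# reduce MODE: read tcpdump text on stdin, write "<ts> <src#> <dst#> <size>".
# MODE "all" keeps every TCP packet; MODE "ctl" keeps only SYN/FIN/RST.
reduce() {
    awk -v mode="$1" '
    # Drop the trailing ":" and the port, leaving the bare address.
    function host(ep) { sub(/:$/, "", ep); sub(/\.[0-9]+$/, "", ep); return ep }
    # Hosts are numbered in order of first appearance within this run only.
    function hostid(addr) { if (!(addr in id)) id[addr] = ++n; return id[addr] }
    $2 == "IP" && $4 == ">" {
        flags = ""; size = 0
        for (i = 6; i < NF; i++) {
            if ($i == "Flags")  flags = $(i + 1)
            if ($i == "length") size  = $(i + 1)
        }
        if (flags == "") next                        # not a TCP line
        if (mode == "ctl" && flags !~ /[SFR]/) next  # keep SYN/FIN/RST only
        s = hostid(host($3)); d = hostid(host($5))
        # Only timestamp, host numbers and data size survive; no payload.
        printf "%-17s %5d %5d %6d\n", $1, s, d, size
    }'
}

# Constructed sample trace (private addresses, made-up timestamps).
sample_trace() {
    cat <<'EOF'
838000000.100000 IP 10.0.0.5.1023 > 10.0.0.9.23: Flags [P.], seq 1:11, ack 1, win 4096, length 10
838000000.250000 IP 10.0.0.7.2001 > 10.0.0.5.80: Flags [S], seq 100, win 4096, length 0
838000000.300000 IP 10.0.0.5.80 > 10.0.0.7.2001: Flags [S.], seq 500, ack 101, win 4096, length 0
EOF
}

# Both reductions run over the same trace, yet 10.0.0.5 is host 1 in the
# "all" output and host 2 in the "ctl" output.
main() {
    echo "# all TCP";     sample_trace | reduce all
    echo "# SYN/FIN/RST"; sample_trace | reduce ctl
}
main
```

Anyone correlating the two kinds of reduced file needs a single shared address-to-number mapping, which separate runs like these do not provide.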
Acknowledgements
Written by Vern Paxson. No acknowledgement in publications is necessary. Report bugs to vern@ee.lbl.gov.
Version
The current release is 1.0. It has been used for reducing some large traces and is believed free of blatant bugs. Updates will appear directly in the Internet Traffic Archive.
Restrictions
The author places the software in the public domain. It may be freely redistributed, etc.
Documentation
Just a simple README.
Distribution
Available from the Archive in compressed tar format (5 KB).

