Sanitize is a collection of five (simple) Bourne shell
scripts for reducing
tcpdump traces in
order to address security and privacy concerns, by renumbering hosts and
stripping out packet contents. Each script takes as input a
tcpdump trace file and generates to stdout a reduced, ASCII file
in fixed-column format. The scripts are:
sanitize-tcp - reduce all TCP packets
sanitize-syn-fin - reduce TCP SYN/FIN/RST packets
sanitize-udp - reduce UDP packets
sanitize-encap - reduce encapsulated IP packets (usually MBone)
sanitize-other - reduce any other types of packets
The reductions performed by the script vary depending on the type of
traffic. For example, reduced TCP traffic retains the packet size
(amount of user data), while other reduced traffic does not. See
Limitations below for details.
The scripts are written using Bourne shell,
and the common Unix utilities sed and awk. The
author believes the scripts work with "old" awk, but it's possible
that recent changes to the scripts have broken this. The scripts
definitely work with "new" awk.
The scripts discard all packet contents. The size of the packet data
contents are retained only for TCP traffic. For encapsulated IP traffic
(usually MBone), and for non-TCP, non-UDP, non-encap-IP traffic, only
timestamps are generated. The script for reducing TCP SYN/FIN/RST
packets is separate from the one for reducing all TCP packets, so the
host renumbering performed by each will be independent.
Written by Vern Paxson. No acknowledgement in publications is necessary.
Report bugs to firstname.lastname@example.org.
The current release is 1.0. It has been used for reducing some large
traces and is believed free of blatant bugs. Updates will appear
directly in the Internet Traffic Archive.
The author places the software in the public domain. It may be freely
Just a simple
Available from the Archive in
compressed tar format (5 KB).
Software In The Internet Traffic Archive.