tcpanon is a TCP trace anonymizer written in Python. With respect to the TCP/IP stack, what is new is its ability to work at level 7: the TCP stream of each flow in a traffic trace is first interpreted and reassembled at the application layer. Then sensitive information is either erased or camouflaged, according to the rules set in a configuration file. The current version works with some of the most common "clear text" protocols (HTTP, SMTP, POP3, IMAP4, FTP, FTP-data), but it can be easily extended to other protocols.
For more information, contact Francesco Gringoli.
tcpanon is distributed under the classical BSD license. Please see also the LICENSE.txt file, which should have come along with this software.
The tool can be downloaded from here (version 0.2, tar.gz file, 48kB).
To start using tcpanon, just run:
./tcpanon.py infile
where "infile" is the input file (in PCAP format) containing the trace to anonymize. The output is a PCAP file ("infile.anon" by default) with the packet payloads fully anonymized.
Run
./tcpanon.py -h
for the complete set of options.
If no other options are specified, the program obfuscates the following clear-text protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data. Instructions to anonymize other protocols can be easily added as external modules (or classes).
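To illustrate what erasing and camouflaging at the application layer involves, here is an added Python example; it is not tcpanon's code and does not use the tcpanon.config syntax. It parses one reassembled HTTP request and rewrites it according to a per-header rule table. The rule table, key, function names, sample request and the choice to keep every replacement the same length (so the bytes can be written back into the original packets) are all assumptions of this example.

```python
import hmac

# Hypothetical rule table for this example (NOT tcpanon.config syntax).
RULES = {"host": "camouflage", "cookie": "erase", "authorization": "erase",
         "user-agent": "keep", "content-length": "keep", "content-type": "keep"}
KEY = b"constructed-demo-key"  # per-trace secret, constructed for the example


def pseudonym(value: bytes, key: bytes = KEY) -> bytes:
    """Keyed, deterministic, same-length replacement (equal in -> equal out)."""
    out, counter = b"", 0
    while len(out) < len(value):
        out += hmac.digest(key, bytes([counter]) + value, "sha256").hex().encode()
        counter += 1
    return out[:len(value)]


def apply_action(action: str, value: bytes) -> bytes:
    if action == "keep":
        return value
    if action == "camouflage":
        return pseudonym(value)
    return b"x" * len(value)  # "erase" and anything unknown: same-length filler


def anonymize_http_request(stream: bytes, rules=RULES) -> bytes:
    """Anonymize one reassembled HTTP request without changing its length."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if not sep or len(parts) != 3:
        return b"x" * len(stream)  # fail closed: unparsed bytes are erased
    method, uri, version = parts
    out = [b" ".join([method, uri[:1] + pseudonym(uri[1:]), version])]
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:  # not a header line: erase it whole
            out.append(b"x" * len(line))
            continue
        text = value.lstrip(b" ")
        action = rules.get(name.lower().decode("latin-1"), "erase")
        out.append(line[:len(line) - len(text)] + apply_action(action, text))
    return b"\r\n".join(out) + sep + b"x" * len(body)


# Constructed sample: the client side of one reassembled flow.
SAMPLE = (b"POST /login?user=alice HTTP/1.1\r\nHost: mail.example.org\r\n"
          b"Cookie: sid=abc123\r\nContent-Length: 9\r\n\r\npw=secret")
if __name__ == "__main__":
    print(anonymize_http_request(SAMPLE).decode("latin-1"))
```

Headers missing from the rule table and any input that does not parse are erased rather than passed through, so an unexpected field never reaches the output in clear text.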
The user can specify the anonymization level of each application protocol by editing the configuration file "tcpanon.config". Given a clear-text application protocol, the config file allows the user to:
See the HTML documents enclosed in the distribution.