tcpanon is a TCP trace anonymizer written in Python. Referring to the TCP/IP stack, what's new is the capability to work at level 7: the TCP stream of each flow in a traffic trace is first interpreted and reassembled at the application layer. Then, sensitive information, according to the rules set in a configuration file, are either erased or camouflaged. The current version works with some of the most common "clear text" protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data, but it can be easily extended to other protocols.

Contact information

For more information, contact Francesco Gringoli.


tcpanon is distributed under the classical BSD license. Please see also the LICENSE.txt file, which should have come along with this software.


The tool can be downloaded from here (version 0.2, tar.gz file, 48kB).

Basic usage information

To start using tcpanon, just run:

./ infile

where "infile" is the input file (in PCAP format) containing the trace to anonymize. The output is a PCAP file ("infile.anon" by default) with the packet payloads fully anonymized.


./ -h

for the complete set of options.

If no other options are specified, the program obfuscates the following clear-text protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data. Instructions to anonymize other protocols can be easily added as external modules (or classes).

The user can specify the anonymization level of each application protocol by editing the configuration file "tcpanon.config". Given a clear-text application protocol, the config file allows the user to:

Source code documentation

See HTML documents enclosed in the distribution