tcpanon is a TCP trace anonymizer written in Python. In terms of the TCP/IP stack, what is new is its ability to work at layer 7: the TCP stream of each flow in a traffic trace is first interpreted and reassembled at the application layer. Then sensitive information is either erased or camouflaged, according to the rules set in a configuration file. The current version works with some of the most common "clear text" protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data, but it can be easily extended to other protocols.
For more information, contact Francesco Gringoli.
tcpanon is distributed under the classical BSD license. Please see also the LICENSE.txt file, which should have come along with this software.
The tool can be downloaded from here (version 0.2, tar.gz file, 48kB).
Basic usage information
To start using tcpanon, just run:
where "infile" is the input file (in PCAP format) containing the trace to anonymize. The output is a PCAP file ("infile.anon" by default) with the packet payloads fully anonymized.
for the complete set of options.
If no other options are specified, the program obfuscates the following clear-text protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data. Instructions to anonymize other protocols can be easily added as external modules (or classes).
The user can specify the anonymization level of each application protocol by editing the configuration file "tcpanon.config". Given a clear-text application protocol, the config file allows the user to:
- Leave fields unanonymized. For instance, the instruction "Host: ALL" applied to 'Host: 192.168.1.1' gives 'Host: 192.168.1.1'
- Erase only the sensitive information about the host, and leave the field names in clear text. The instruction "Host: TAG" applied to 'Host: 192.168.1.1' gives 'Host: xxxxxxxxxxx'
- Blindly remove all the payload information. The instruction "Host: NONE" applied to 'Host: 192.168.1.1' gives 'xxxxxxxxxxxxxxxxx'
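The three levels above, modelled as an added example (this is not tcpanon's own code). It reproduces the 'Host:' results quoted in the list and shows that each level keeps the line length unchanged, as those results do. The function names, the '#' comment syntax, the NONE default for unlisted fields and the sample header block are assumptions made for the illustration.

```python
# Added illustration, not tcpanon's code: the ALL / TAG / NONE levels applied
# to "Name: value" header lines, keeping every line the same length.

LEVELS = ("ALL", "TAG", "NONE")

def parse_rules(text):
    """Parse 'Field: LEVEL' instructions, the form quoted on the page."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        name, _, level = line.partition(":")
        level = level.strip().upper()
        if level not in LEVELS:
            raise ValueError("unknown level %r for field %r" % (level, name))
        rules[name.strip().lower()] = level
    return rules

def anonymize_line(line, rules, default="NONE"):
    """Apply the field's level; unlisted fields get `default` (assumed)."""
    name, sep, value = line.partition(":")
    level = rules.get(name.strip().lower(), default) if sep else default
    if level == "ALL":
        return line
    if level == "TAG":
        # Keep "Name:" and the blanks after it, mask only the value.
        pad = len(value) - len(value.lstrip(" "))
        return name + sep + value[:pad] + "x" * (len(value) - pad)
    return "x" * len(line)  # NONE: the field name is masked too

def anonymize_headers(block, rules):
    """Anonymize a CRLF-separated header block; CRLFs and length are kept."""
    return "\r\n".join(anonymize_line(l, rules) for l in block.split("\r\n"))

# Constructed sample input, not taken from a real trace.
SAMPLE_RULES = "# field: level\nHost: TAG\nUser-Agent: ALL\n"
SAMPLE_BLOCK = ("Host: 192.168.1.1\r\nUser-Agent: curl/8.0\r\n"
                "Cookie: sid=abc\r\n\r\n")

if __name__ == "__main__":
    out = anonymize_headers(SAMPLE_BLOCK, parse_rules(SAMPLE_RULES))
    print(out.replace("\r\n", "\n"))
    print(len(out) == len(SAMPLE_BLOCK))
```

Keeping the length constant matters for a rewritten trace because the packet sizes and TCP sequence numbers of the original capture stay consistent with the masked payload.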
Source code documentation
See the HTML documents enclosed in the distribution.