Capture module: Difference between revisions

1,952 bytes removed, 4 April 2024
Line 436: Line 436:


* Anonymization
* Anonymization
: This option allows enabling or disabling anonymization of the downloaded PCAP file.
: This option allows enabling or disabling anonymization of the downloaded PCAP file by either apply generic settings or choosing a custom anonymization profile.
: When enabled, following options are available (more than one option is possible):
: See [[Capture_module#PCAP_anonymization_profile|PCAP anonymization]] for details.
:* MAC addresses on L2
::MAC addresses on L2 will be replaced by random addresses octet-wise. Multicast/broadcast addresses will not be randomized.
:* IP addresses on L3
::IP addresses on L3 will be replaced by random addresses octet-wise for IPv4 and hextet-wise for IPv6. Multicast/broadcast addresses will not be randomized. The octets of the IP address will have the same length in textual representation (e.g. 100.20.3.40 -> 105.31.6.41). For IPv6 address short notation will be considered and the randomized result will also have the same textual length.
:* IP addresses on L7
::IPv4 and IPv6 addresses in textual representation in L7 payload will be randomized similar to L3.
:* Mapped IP addresses in STUN packets on L7
::STUN payload IP addresses will be randomized similar to L3.
:* Phone numbers, name and Call ID in SIP packets on L7
:: SIP payload data is masked with 'xxx' values for the names and phone numbers in the fields "From", "To", "Contact", "P-Asserted-Identity". Call Ids are also replaced. IP addresses are not touched, if they shall be anonymized, please use option "IP addresses on L7".
:* URLs and HTTP hostnames on L7
:: URLs and HTTP hostnames in L7 payload are masked with 'xxx' values. The length of the masked name/URL will stay the same and line feeds won't be touched.
::: Examples:
::: 'GET /website.html?param1=value HTTP/1.1\r\n' will be changed to 'GET xxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1\r\n'
::: 'Host: allegro-packets.com\r\n' will be changed to 'Host: xxxxxxxxxxxxxxxxxxx\r\n'
::: https://www.allegro-packets.com/en/ will be completely masked
 
:Address anonymization is stable for the whole PCAP, i.e. the same addresses will be replaced by the same random addresses. As an example, if both randomization of IP addresses on L3 and L7 is active and a SIP call with RTP is captured, both IP addresses in L3 and SIP SDP payload are replaced by the same values so that the correlation of the RTP stream is still intact.
 
:Checksums of the changed packets are *not* being recalculated.


After pushing the '''Start capture''' button, the capture starts.
After pushing the '''Start capture''' button, the capture starts.
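
Review bot: In the added Anonymization line, "by either apply generic settings" should read "by either applying generic settings", and "generic settings" is left undefined here now that the per-option list (MAC addresses on L2, IP addresses on L3 and L7, STUN, SIP, URLs and HTTP hostnames) is removed from this section. The removed text also carried two caveats that matter to anyone sharing an anonymized capture: "Address anonymization is stable for the whole PCAP" and "Checksums of the changed packets are *not* being recalculated", plus the note that the SIP option does not touch IP addresses. Please confirm the linked "PCAP anonymization profile" section states all of these, or keep a one-line summary of them next to the link.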