Capture module: Difference between revisions

Capture module (view source)

Revision as of 12:15, 20 July 2023

477 bytes added , 20 July 2023

→‎Capture settings dialog

Martin.fesser

340

edits

@@ Line 404: / Line 404: @@
 ::STUN payload IP addresses will be randomized similar to L3.
 :* Phone numbers, name and Call ID in SIP packets on L7
-: SIP payload data is masked with 'xxx' values for the names and phone numbers in the fields "From", "To", "Contact", "P-Asserted-Identity". Call Ids are also replaced. IP addresses are not touched, if they shall be anonymized, please use option "IP addresses on L7".
+:: SIP payload data is masked with 'xxx' values for the names and phone numbers in the fields "From", "To", "Contact", "P-Asserted-Identity". Call Ids are also replaced. IP addresses are not touched, if they shall be anonymized, please use option "IP addresses on L7".
+:* URLs and HTTP hostnames on L7
+:: URLs and HTTP hostnames in L7 payload are masked with 'xxx' values. The length of the masked name/URL will stay the same and line feeds won't be touched.
+::: Examples:
+::: 'GET /website.html?param1=value HTTP/1.1\r\n' will be changed to 'GET xxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1\r\n'
+::: 'Host: allegro-packets.com\r\n' will be changed to 'Host: xxxxxxxxxxxxxxxxxxx\r\n'
+::: 'https://www.allegro-packets.com/en/' will be completely masked
 :Address anonymization is stable for the whole PCAP, i.e. the same addresses will be replaced by the same random addresses. As an example, if both randomization of IP addresses on L3 and L7 is active and a SIP call with RTP is captured, both IP addresses in L3 and SIP SDP payload are replaced by the same values so that the correlation of the RTP stream is still intact.