new argus-2.0.0g and tcpclean-0.0.1

Carter Bullard carter at qosient.com
Thu Sep 21 13:35:06 EDT 2000


Gentle people,
There is a new argus-2.0.0g at ftp://qosient.com/dev/argus/argus-2.0
Please refetch this version to continue testing on the fragment
processing bugs that we've been having.  This version now runs
well with all the fragment packet files that have been sent.  So
let's cross our fingers.

The fragment testing was made possible by a new tool that
I've got at ftp://qosient.com/dev/tcpclean/tcpclean-1.0
This tool is designed to be a tcpdump file anonymizer, and in
this first incantation, it removes the user data from tcpdump files.
Tcpclean reads a tcpdump file and writes a well formed tcpdump file
but the packets contain only packet headers, up to the transport
layer for TCP, UDP and ICMP.  For other IP packets, tcpclean only
writes out the IP header and for non-IP packets, it outputs only
the ethernet headers.

So, tcpclean enabled a site to send us packet capture files
that had fragments in them but were hesitant to send, as there
may have been sensitive data in the capture files.  Tcpclean
removed any doubt.  Please take a look at it and send any comments
that you may have.

The next step for tcpclean is to allow it to modify captured
packets to anonymize the MAC and IP addresses.  This will be
very nice.

Thanks for all the efforts and interest, and as always, any
comments/suggestions/opinions/ideas/flames/whatever are very
welcome.

Carter


Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426
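
The header-only rewrite described in the message above, as an added Python example (not part of the original message and not tcpclean's own code). It assumes a classic pcap file with Ethernet link type, shortens each record's captured length while keeping the original wire length, and keeps only the IP header for non-first fragments; all function names are hypothetical.

```python
import struct

ETH_LEN, IPV4, TCP, UDP, ICMP = 14, 0x0800, 6, 17, 1   # no VLAN tag handling

def header_len(pkt: bytes) -> int:
    """Count the leading bytes of an Ethernet frame that are headers only."""
    if len(pkt) < ETH_LEN + 20 or struct.unpack("!H", pkt[12:14])[0] != IPV4:
        return min(len(pkt), ETH_LEN)        # non-IP or too short: Ethernet only
    ihl = (pkt[ETH_LEN] & 0x0F) * 4
    l4 = ETH_LEN + ihl
    if ihl < 20 or len(pkt) < l4:
        return ETH_LEN                       # malformed or truncated IP header
    frag_off = struct.unpack("!H", pkt[20:22])[0] & 0x1FFF
    proto = pkt[23]
    if frag_off:                             # later fragment: no transport header here
        return l4
    if proto == TCP and len(pkt) >= l4 + 20:
        return min(len(pkt), l4 + max(20, (pkt[l4 + 12] >> 4) * 4))
    if proto in (UDP, ICMP):
        return min(len(pkt), l4 + 8)
    return l4                                # other IP protocol: IP header only

def clean_pcap(data: bytes) -> bytes:
    """Rewrite a classic Ethernet pcap so each record holds headers only."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24 or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, pos = [data[:24]], 24
    while pos + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(end + "IIII", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl]
        if len(pkt) < incl:
            break                            # truncated final record: drop it
        pkt = pkt[:header_len(pkt)]
        # Assumption: shrink the captured length, keep the original wire length.
        out.append(struct.pack(end + "IIII", sec, usec, len(pkt), orig) + pkt)
        pos += 16 + incl
    return b"".join(out)

def sample_frame(proto, l4hdr, payload, frag_off=0):
    """Constructed test frame: Ethernet + 20-byte IPv4 header + l4hdr + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4hdr) + len(payload), 1,
                     frag_off, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + struct.pack("!H", IPV4) + ip + l4hdr + payload

def sample_pcap(frames):
    """Constructed little-endian pcap file holding the given frames."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```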