flowscrub

Description

flowscrub provides multi-format (pcap, netflow, silk), multi-layer (link, network, transport, application), and multi-attribute (ethernet.src, ip.ttl, tcp.sport, http.uri, etc) transformations (set, zero, mask, rand, hash, etc) for flexible and powerful flow anonymization using simple configuration files.

Sample Usage

smi:/Volumes/pcap jonojono$ ls -lh
-rw-r--r--  1 root  wheel   568M 24 Aug  2006 2006-08-24.01.pcap.gz
-rw-r--r--  1 root  wheel   421M 24 Aug  2006 2006-08-24.02.pcap.gz
-rw-r--r--  1 root  wheel   428M 24 Aug  2006 2006-08-24.03.pcap.gz
...
smi:/Volumes/pcap jonojono$ flowscrub.py -f pcap -c scrub.conf 2006-08-24.*.pcap.gz
scrubbing 2006-08-24.01.pcap.gz...done
scrubbing 2006-08-24.02.pcap.gz...done
scrubbing 2006-08-24.03.pcap.gz...done
...

Sample scrub.conf

pcap.ts timedelta
ethernet.src zero
ethernet.dst zero
ip.src mask 16
ip.dst hash
tcp.sport zero

Download

Downloads have been archived.

Copyright © 2021 - Jon Oberheide