1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
.TH TRACEANON "1" "October 2005" "traceanon (libtrace)" "User Commands"
.SH NAME
traceanon \- anonymise ip addresses of traces
.SH SYNOPSIS
.B traceanon
[ \-s | \-\^\-encrypt-source ]
[ \-d | \-\^\-encrypt-dest ]
[ \-p prefix | \-\^\-prefix=prefix ]
[ \-c key | \-\^\-cryptopan=key ]
[ \-f key-file | \-\^\-keyfile=file ]
[ \-z level | \-\^\-compress-level=level ]
[ \-Z method | \-\^\-compress-type=method ]
sourceuri
desturi
.SH DESCRPTION
traceanon anonymises a trace by replacing IP addresses found in the IP header,
and any embedded packets inside an ICMP packet. It also fixes the checksums
inside TCP and UDP headers.
Two anonymisation schemes are supported, the first replaces a prefix with
another prefix. This can be used for instance to replace a /16 with the
equivilent prefix from RFC1918. The other scheme is cryptopan which is a
prefix preserving encryption scheme based on AES.
.TP
.PD 0
.BI \-s
.TP
.PD
.BI \-\^\-encrypt-source
encrypt only source ip addresses.
.TP
.PD 0
.BI \-d
.TP
.PD
.BI \-\^\-encrypt-dest
encrypt only destination ip addresses.
.TP
.PD 0
.BI \-p
.TP
.PD
.BI \-\^\-prefix=prefix
substitute the high bits of the IP addresses with the provided prefix.
.TP
.PD 0
.BI \-c
.TP
.PD
.BI \-\^\-cryptopan=key
encrypt the IP addresses using the prefix-preserving cryptopan method using
the key "key". The key can be up to 32 bytes long, and will be padded with
NULL characters.
.TP
.PD 0
.BI \-f
.TP
.PD
.BI \-\^\-keyfile=file
encrypt the IP addresses using the prefix-preserving cryptopan method using
the key specified in the file "file". The key must be 32 bytes
long. A suitable method of generating a key is by using the command dd to read
from /dev/urandom.
.TP
.PD 0
.BI \-z
.TP
.PD
.BI \-\^\-compress-level=level
compress the output trace using a compression level of "level". Compression
level can range from 0 (no compression) through to 9. Higher compression levels
require more CPU to compress data. Defaults to no compression.
.TP
.PD 0
.BI \-Z
.TP
.PD
.BI \-\^\-compress-type=method
compress the output trace using the compression algorithm "method". Possible
algorithms are "gzip", "bzip2", "lzo", "xz" and "none". Default is "none".
.SH EXAMPLES
.nf
traceanon \-\^\-cryptopan="fish go moo, oh yes they do" \\
\-\^\-encrypt-source \\
\-\^\-encrypt-dest \\
\-\^\-compress-level=1 \\
\-\^\-compress-type=gzip \\
erf:/traces/unenc.gz \\
erf:/traces/enc.gz \\
.fi
.SH BUGS
This software should support encrypting based on the direction/interface flag.
IP addresses inside ARP's are not encrypted.
.SH LINKS
More details about traceanon (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
.SH SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1),
tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1),
tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1),
traceends(1), tracetopends(1)
.SH AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>
|
