tcpdpriv

We use tcpdpriv to remove user data and scramble addresses. tcpdpriv was developed by Greg Minshall at Ipsilon Networks in 1996. tcpdpriv removes privacy information in a raw tcpdump output. tcpdpriv uses the pcap library to read and write tcpdump output files. tcpdpriv removes the payload of TCP and UDP, and the entire IP payload for other protocols. tcpdpriv implements several address scrambling methods; the sequential numbering method and its variants, and a hash method with preserving address prefix.

However, the original tcpdpriv lacks several features we need:

• it does not support IPv6.
• it does not preserve TCP options that are essential to analyzing TCP behaviors.
• we also want to preserve other protocols such as ICMP, ARP and DNS.

Thus, we have modified the original tcpdpriv to support these features. The default settings are also changed to meet our requirements since the options seem to be too complex and a mistake of option selection could be fatal to user privacy.