Network Packet Security: Anonymization with TraceWrangler

With the application of network packet analysis technology, security issues related to network packet security, such as packet capture and analysis, also arise. Since network packets may carry some sensitive information to a greater or lesser extent, there are always certain concerns when it comes to information sharing.

In our work, we sometimes encounter similar scenarios as follows, including:

1. When the production business system encounters a problem, the network data packets collected need to be provided to internal or external engineers for troubleshooting and analysis;

2. When discussing technical issues with friends or consulting or discussing on external public platforms, some network data packet information that needs to be shared, including screenshots or tracking files;

3. When publishing technical articles and materials externally, when citing network data packet information.

……

So how do we ensure the security of these shared data packet information?

One of these methods is to anonymize data packet information. This article briefly introduces it from the perspective of an anonymization tool user.

As for the anonymized data packet trace file information, it may include two aspects of processing: data packet information screenshots or the data packet trace file itself.

1. Data packet information screenshot

Mosaic is the first choice, and the relevant information under image processing, such as the IP address part ~ P-image tool;

Network packet security

2. Packet trace files

Through the slicing tool, only the required header part is left for analysis; (the disadvantage is that it cannot go deep into the application layer)

Packet anonymization tools (also known as packet modifiers) for in-depth processing, manual or batch processing of information such as MAC addresses, IP addresses, TCP/UDP ports and application layer information.

TraceWrangler

TraceWrangler is a tool developed by Jasper Bongertz, a core technician of Wireshark. Those who often watch Sharkfest should be familiar with this tool. He will give a special speech on TraceWrangler at the conference almost every year.

To be honest, personally, since I have used TraceWrangler, I rarely use other tools. TraceWrangler can only be described as a magical tool, at least it can completely cover the scenarios where I want to share data packet file information.

Main Interface

Adding and anonymizing files

The default task includes some common anonymization options, including:

Payload , which can remove unknown application layers, truncate a layer, truncate by offset, and replace a specified string;

PCAPng , for pcapng format files, can anonymize comments, interface names, name resolution, etc.;

Layer2 , you can specify or randomly replace the MAC address and VLAN ID, replace CRC, etc.;

Layer3 , can specify or randomly replace IP addresses and IP IDs, ICMP control information, etc.;

Layer4 , you can specify or replace TCP, UDP port information, etc.

Others , including special application layer information, etc.

Of course, you can also clear all default options through the Tools option, anonymize only a certain field according to your needs, or set and save a profile that you often use.

The following is a simple task of anonymizing an IPv4 address. The original file information is as follows:

Only process IPv4 address information, specify to replace the source IP 192.168.0.1 with 100.1.1.1, and the destination IP 10.10.10.1 with 200.1.1.1. Of course, you can also randomly and anonymously process IPv4 addresses, see the [Process remaining IP addresses] option below.

After clicking Okay, you will return to the main interface and generate an anonymized file task (including file details on the right). After clicking Run, an anonymized file will be automatically generated next to the original file. If the original file name is test.pcapng, the anonymized file will be test_anon.pcapng.

The test_anon file information is processed as follows

Summary

When sharing network packet information, ensuring Network packet security is crucial to prevent sensitive details from being exposed. Scenarios like troubleshooting, public discussions, or publishing technical materials often require anonymizing packet data. This can be done by editing screenshots or processing trace files using tools like TraceWrangler. TraceWrangler, developed by Jasper Bongertz, offers powerful features to anonymize payloads, IP addresses, MAC addresses, and more. With its customizable options and batch processing capabilities, it is an essential tool for maintaining Network packet security while facilitating safe data sharing.