Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

TRACEANON(1)			 User Commands			  TRACEANON(1)

NAME
       traceanon - anonymise ip addresses of traces

SYNOPSIS
       traceanon [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix
       | --prefix=prefix ] [ -c key | --cryptopan=key ] [ -f key-file | --key‐
       file=file  ] [ -z level | --compress-level=level ] [ -Z method | --com‐
       press-type=method ] sourceuri desturi

DESCRPTION
       traceanon anonymises a trace by replacing IP addresses found in the  IP
       header,	and any embedded packets inside an ICMP packet.	 It also fixes
       the checksums inside TCP and UDP headers.

       Two anonymisation schemes are supported, the first  replaces  a	prefix
       with  another  prefix.	This can be used for instance to replace a /16
       with the equivilent prefix from RFC1918.	 The other scheme is cryptopan
       which is a prefix preserving encryption scheme based on AES.

       -s
       --encrypt-source
	      encrypt only source ip addresses.

       -d
       --encrypt-dest
	      encrypt only destination ip addresses.

       -p
       --prefix=prefix
	      substitute  the  high bits of the IP addresses with the provided
	      prefix.

       -c
       --cryptopan=key
	      encrypt the IP addresses using the  prefix-preserving  cryptopan
	      method using the key "key".  The key can be up to 32 bytes long,
	      and will be padded with NULL characters.

       -f
       --keyfile=file
	      encrypt the IP addresses using the  prefix-preserving  cryptopan
	      method using the key specified in the file "file".  The key must
	      be 32 bytes long. A suitable method of generating a  key	is  by
	      using the command dd to read from /dev/urandom.

       -z
       --compress-level=level
	      compress	the output trace using a compression level of "level".
	      Compression level can range from 0 (no compression)  through  to
	      9.  Higher compression levels require more CPU to compress data.
	      Defaults to no compression.

       -Z
       --compress-type=method
	      compress	the  output  trace  using  the	compression  algorithm
	      "method".	 Possible  algorithms  are  "gzip", "bzip2", "lzo" and
	      "none". Default is "none".

EXAMPLES
       traceanon --cryptopan="fish go moo, oh yes they do" \
	    --encrypt-source \
	    --encrypt-dest \
	    --compress-level=1 \
	    --compress-type=gzip \
	    erf:/traces/unenc.gz \
	    erf:/traces/enc.gz \

BUGS
       This software should support encrypting based on	 the  direction/inter‐
       face flag.

       IP addresses inside ARP's are not encrypted.

LINKS
       More   details	about	traceanon  (and	 libtrace)  can	 be  found  at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1),  tracefilter(1),  traceconvert(1),  traces‐
       tats(1),	  tracesummary(1),   tracertstats(1),  tracesplit(1),  traces‐
       plit_dir(1), tracereport(1),  tracepktdump(1),  tracediff(1),  tracere‐
       play(1), traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

traceanon (libtrace)		 October 2005			  TRACEANON(1)

Vote for polarhome