
One of the things we have to do when capturing packets is save the capture to a file, so we can study it, send it to someone who can help us understand what is happening, or send it to a manufacturer as evidence of what went wrong with an application or a protocol.  The problem is that these capture files (or trace files) may contain private information about a user or system that we really don't want to share, or accidentally leak to someone who may be a bad actor.

One of the principles we have always taught in our Wireshark classes is to presume that all of your personal information (driver's license, passport, birth certificate, bank accounts, usernames and passwords) is in the packet capture.  Consider how you would handle that information.

One of the nice things about tcpdump in the early days was that it basically captured only packet header information and did not save the packet contents.  Today's capture tools, like Wireshark, copy everything.  Granted, most of the data is encrypted, and without the keys to decrypt it the user data is likely protected, but can we 100% guarantee that?

So, TraceWrangler is a tool that can anonymize packet captures by modifying some of the content without changing the sequence of events in the capture.  It can also perform other tasks, like carving larger packet captures to isolate certain communications for examination.  Unfortunately, it is only available for Windows (it works on Linux under WINE).
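The two jobs just described, rewriting addresses consistently without disturbing packet order or timing, and carving a capture down to one conversation, are illustrated by the small Python script below. It is an added example written for this article, not TraceWrangler's code, and it says nothing about how TraceWrangler works internally. It assumes a classic little-endian pcap file containing Ethernet/IPv4 frames and builds its own constructed sample capture using RFC 5737 documentation addresses, so it runs offline with the standard library only.

```python
import hashlib
import hmac
import socket
import struct
from typing import Dict, List, Tuple

# Classic pcap constants (little-endian, microsecond timestamps, Ethernet link type).
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

Packet = Tuple[int, int, bytes]  # (ts_sec, ts_usec, frame)


def build_pcap(packets: List[Packet]) -> bytes:
    """Serialize (ts_sec, ts_usec, frame) tuples into a classic pcap byte string."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes) -> List[Packet]:
    """Walk the 24-byte global header and the 16-byte record headers (assumption: LE pcap)."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("this example only handles little-endian microsecond pcap")
    packets, off = [], 24
    while off < len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        packets.append((ts_sec, ts_usec, data[off:off + incl]))
        off += incl
    return packets


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_frame(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Constructed Ethernet + IPv4 (UDP protocol number, no UDP header) frame for the demo."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, 17, 0,
                                socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return eth + bytes(hdr) + payload


class Anonymizer:
    """Replaces IPv4 addresses with keyed pseudonyms: same input always maps to the same output."""

    def __init__(self, key: bytes):
        self.key = key
        self.mapping: Dict[bytes, bytes] = {}

    def pseudonym(self, addr: bytes) -> bytes:
        if addr not in self.mapping:
            digest = hmac.new(self.key, addr, hashlib.sha256).digest()
            # Force results into 10.0.0.0/8 so a pseudonym can never look like a real public host.
            self.mapping[addr] = bytes([10]) + digest[:3]
        return self.mapping[addr]

    def anonymize_frame(self, frame: bytes) -> bytes:
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            return frame  # non-IPv4 frames pass through untouched in this example
        ihl = (frame[14] & 0x0F) * 4
        ip_hdr = bytearray(frame[14:14 + ihl])
        ip_hdr[12:16] = self.pseudonym(bytes(ip_hdr[12:16]))  # source address
        ip_hdr[16:20] = self.pseudonym(bytes(ip_hdr[16:20]))  # destination address
        ip_hdr[10:12] = b"\x00\x00"                           # recompute header checksum
        ip_hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip_hdr)))
        return frame[:14] + bytes(ip_hdr) + frame[14 + ihl:]

    def anonymize_pcap(self, data: bytes) -> bytes:
        # Timestamps and record order are copied through unchanged; only addresses are rewritten.
        return build_pcap([(s, u, self.anonymize_frame(f)) for s, u, f in parse_pcap(data)])


def carve_pcap(data: bytes, host_a: str, host_b: str) -> bytes:
    """Keep only the packets exchanged between host_a and host_b (order and timing preserved)."""
    wanted = {socket.inet_aton(host_a), socket.inet_aton(host_b)}
    kept = [(s, u, f) for s, u, f in parse_pcap(data) if {f[26:30], f[30:34]} == wanted]
    return build_pcap(kept)


def sample_capture() -> bytes:
    """Constructed three-packet capture using RFC 5737 documentation addresses."""
    return build_pcap([
        (1_700_000_000, 10, make_frame("192.0.2.10", "198.51.100.7", b"hello")),
        (1_700_000_000, 20, make_frame("198.51.100.7", "192.0.2.10", b"reply")),
        (1_700_000_001, 0, make_frame("192.0.2.10", "203.0.113.9", b"other")),
    ])


def demo() -> dict:
    before = parse_pcap(sample_capture())
    after = parse_pcap(Anonymizer(key=b"constructed-demo-key").anonymize_pcap(sample_capture()))
    return {
        "timestamps_preserved": [p[:2] for p in before] == [p[:2] for p in after],
        "payloads_preserved": [f[34:] for _, _, f in before] == [f[34:] for _, _, f in after],
        "checksums_valid": all(ipv4_checksum(f[14:34]) == 0 for _, _, f in after),
        "src_ips_after": [socket.inet_ntoa(f[26:30]) for _, _, f in after],
        "dst_ips_after": [socket.inet_ntoa(f[30:34]) for _, _, f in after],
    }


if __name__ == "__main__":
    print(demo())
```

The keyed mapping is what keeps the anonymized trace useful: every packet from 192.0.2.10 still comes from one consistent pseudonym, so conversations remain followable, while nobody without the key can reverse a pseudonym to the real address (treat the key with the same care as the original capture). Note what this script does not touch: MAC addresses, DNS names, HTTP headers, cookies and anything else in the payload still identify people and systems, which is exactly why a dedicated tool that understands many protocol layers is worth using rather than a one-off script.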

Let's take a brief look at TraceWrangler:

I just want to publicly thank the author, long-time Wireshark wizard Jasper Bongertz, for a great tool.  You can download TraceWrangler here.

Have you used TraceWrangler?  If so, tell us how, and share your experience in the comments below.

I hope you find this article and its content helpful.  Comments are welcome below.  If you would like to see more articles like this, please support us by clicking the patron link, where you will receive free bonus access to courses and more, or simply buy us a cup of coffee!
