Make pibs to write pcap with Anon dest IP
dr0t opened this issue · comments
pibs could rewrite the pcap and anonymize the dst_ip that contains the collector network.
RST and SYN-ACK traffic should be easy to rewrite.
Does pibs extract ICMP?
Hi,
good point--we should definitely work on that. I am wondering whether this kind of privacy filtering could be of any use at different points of the D4 chain (client side for instance).
pibs does not work on ICMP (yet)!
For the record, we wrote a blog post about how to use tcprewrite to scrap information from captures: https://d4-project.org/2019/06/17/sharing-between-D4-sensors.html
We are still pondering the idea of implementing this directly into pibs though.
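The rewrite requested in this issue, as an added example (not pibs code and not from the D4 project): it replaces IPv4 destination addresses that fall inside the collector network in a classic pcap and patches the IP and TCP checksums incrementally, so the RST and SYN-ACK packets stay valid. The collector network `10.0.0.0/8`, the replacement address `192.0.2.1`, the function names and the sample packet are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: one SYN-ACK backscatter packet, 198.51.100.7:80 -> 10.0.0.5:40000
SAMPLE = bytes.fromhex(
    "d4c3b2a1 0200 0400 00000000 00000000 ffff0000 01000000"  # pcap global header
    "00000000 00000000 36000000 36000000"                     # record header (54 bytes)
    "000000000002 000000000001 0800"                          # Ethernet, IPv4
    "4500 0028 0000 4000 4006 0691 c6336407 0a000005"         # IPv4 header
    "0050 9c40 00000000 00000001 5012 2000 bf01 0000")        # TCP, flags SYN+ACK

def csum_adjust(old_csum, old, new):
    """RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')."""
    s = ~old_csum & 0xFFFF
    for i in range(0, len(old), 2):
        s += ~struct.unpack_from("!H", old, i)[0] & 0xFFFF
        s += struct.unpack_from("!H", new, i)[0]
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def anonymize_dst(pcap, collector_net, replacement="192.0.2.1"):
    """Rewrite IPv4 destinations inside collector_net; fix IP and TCP checksums."""
    net = ipaddress.ip_network(collector_net)
    new_ip = ipaddress.ip_address(replacement).packed
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects a classic little-endian Ethernet pcap")
    out, off = bytearray(pcap), 24
    while off + 16 <= len(out):
        incl_len = struct.unpack_from("<I", out, off + 8)[0]
        ip, off = off + 16 + 14, off + 16 + incl_len
        if off > len(out):
            break  # truncated final record
        if incl_len < 34 or out[ip - 2:ip] != b"\x08\x00":
            continue  # not IPv4 over untagged Ethernet
        old_ip, ihl = bytes(out[ip + 16:ip + 20]), (out[ip] & 0x0F) * 4
        if ihl < 20 or ipaddress.ip_address(old_ip) not in net:
            continue
        out[ip + 16:ip + 20] = new_ip
        for pos in (ip + 10, ip + ihl + 16):  # IP header checksum, then TCP checksum
            first_frag = struct.unpack_from("!H", out, ip + 6)[0] & 0x1FFF == 0
            if pos != ip + 10 and (out[ip + 9] != 6 or not first_frag or pos + 2 > off):
                break
            old = struct.unpack_from("!H", out, pos)[0]
            struct.pack_into("!H", out, pos, csum_adjust(old, old_ip, new_ip))
    return bytes(out)
```

Every collector address maps to the same replacement here, so the output no longer reveals how many sensor addresses received traffic; payload bytes and MAC addresses are left untouched.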