Skip to content

Latest commit

 

History

History
 
 

doc

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
API.txt
API.txt
 
 
CHANGELOG
CHANGELOG
 
 
README
README
 
 

README

APPLICATION USAGE
=================
	- There are 3 anonymization applications provided, in the folder applications/
	  plus 2 small tcpdump traces for testing (small_trace -> various TCP traffic, netflow_v9_small -> what it says)

=================
	The first of these, is a sample application that uses the framework in order to anonymize TCP and UDP packets.
The tool is able to anonymize IP addresses, tcp ports, TCP/UDP payload, checksums, IP options, as well as printing 
the packets. The application reads packets from a pcap trace file or from an network interface and dumps the anonymized
packets to a pcap file. Note that -f or -i option must preceed all other options

./anon_packets [ -f input_file | -i interface ] [-a -t -d -c -z -p -h] output
    -a ANONYMIZE IP addresses (PREFIX, MAP, ZERO)
    -e ANONYMIZE ETHERNET addresses (ZERO)
    -t ANONYMIZE TCP ports (MAP, ZERO)
    -d ANONYMIZE TCP/UDP payload (STRIP, ZERO, HASH)
    -c Fix checksums
    -z Zero tcp and ip options
    -p Print anonymized packets
    -h Print this help message

Examples:

	1) Prefix-preserving anonymization for IP addressses, mapping to intergers for TCP ports, zero TCP/IP options, 
	replace TCP/UDP payload with hash and fix checksums. Read packets from pcap file input_file and dump anonymized 
	packets to pcap file output_file
    
	./anon_packets -f input_file -c -z -a PREFIX -t MAP -d HASH output_file

	2) Map IP addressses to integers, zero TCP/IP options, remove TCP/UDP payload with hash, fix checksums and print 
	anonymized packets.Read packets from eth0 interface and dump anonymized packets to pcap file output_file
	
	./anon_packets -i eth0 -p -c -z -a MAP -d STRIP output_file

=================

	The second & third applications are able to perform anonymization of Netflow datagrams, as exported by a Cisco router.
	The Netflow datagram export format is defined in excruciating detail here:

	http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml	(for version 9)
	http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/nfc/nfc_3_0/nfc_ug/nfcform.htm		(for version 5, amongst others)

	Every field that might be included in a Netflow datagram can be anonymized. The application, as probably expected, can read from a pcap
compatible trace file or a live NIC and dump the anonymized packets to a pcap compatible file.
One could as easily feed the file to another NIC through the use of UNIX pipes & tools such as tcpreplay.

	Run ./anonymize_netflow_v9 or ./anonymize_netflow_v5 for a message explaining the usage of those 2 applications. Most options
	are common with previous two applications.


ANONYMIZATION API
=================
Please read the API.txt for the API documentation.

It contains all available fields and functions to develop 
your own applications along with source code of a bare-bones sample application.


NOTES
=================