TCPDPRIV

Description

Tcpdpriv is program for eliminating confidential information from packets collected on a network interface (or, from trace files created using the -w argument to tcpdump).

Requirements

Tcpdpriv is fairly modest in its requirements. It does, however, require the packet capture library (libpcap).

Limitations

Tcpdpriv works on SunOS, Solaris, FreeBSD and Linux, and should port to other systems fairly easily, although there have been problems reported porting to Digital Unix running on Alpha processors.
Link-level headers are passed through unchanged.
It would be nice if tcpdpriv could retain subnet broadcast information.
The -A50 option can be a security concern for some sites (but is probably not a concern for most sites). A short analysis of the security issues with the -A50 option is available.

History

Written by Greg Minshall of Ipsilon Networks, Inc., August 1996
Version 1.1.10 dated 27 Aug 1997.
Small corrections for Linux by Gerald Combs of Ethereal.com, January 1999
Wide-tcpdpriv version 1.3 by the WIDE project, now distributed by NetBSD as part of the tcpd-tools package, January 2000. I was not aware of this version when I made my modifications.
Added -S 1 option to leave the TCP and IP options intact, all-zeros and all-ones addresses preserved, configure converted from tcsh to sh, makefile revised, distribution file converted to .tar.gz, this page updated by Francesco Potortì, February 2004.
Version
The current release is 1.1.11, dated 2004-02-05.
Restrictions
The software is copyrighted by Ipsilon Networks, Inc. under an "old BSD-style" copyright, including the advertising clause. See the beginning of the source file tcpdpriv.c for details. This copyright essentially means you can redistribute the software freely, provided you keep the authorship information intact and you mention Ipsilon Networks in all advertising materials.
In 1997 Ipsilon Networks was bought by Nokia.
Documentation
A man page.
Distribution
Available in gzipped tar format.