[ntar-workers] Anonymization Support
Gianluca Varenni
gianluca.varenni at gmail.com
Fri Jul 1 05:56:35 GMT 2005
----- Original Message -----
From: "Guy Harris" <guy at alum.mit.edu>
To: <ntar-workers at winpcap.org>
Sent: Thursday, June 30, 2005 2:54 PM
Subject: Re: [ntar-workers] Anonymization Support
>
> On Jun 30, 2005, at 2:20 PM, Jose M. Gonzalez wrote:
>
>> Another interesting feature in the NTAR model would be some sort of
>> support
>> for anonymization. At minimum, I'd appreciate being able to know whether
>> any sort of anonymization has been carried out in the trace. Maybe an
>> ASCII option in the IDB that explains what was done.
>
> Why the IDB? Anonymization isn't necessarily per-interface.
>
> And why does anonymization need a special type of flag? I think multiple
> comment options are supported for blocks, so an anonymizer could add one
> to the SDB saying "IP and MAC addresses anonymized by TraceScrubber 1.5"
> or whatever, and that wouldn't overwrite, say, a comment added by the
> user doing the capture saying "Trace of HTTPS problem with IE 7.0" or
> whatever.
I agree. All these informations can be saved as comments in either the IDB
or the packet blocks. Maybe the only reason for having a flag (in the IDB?
or in the packet blocks?) is that a comment (i.e. a string) is basically
some opaque information that is only human readable (unless you use a
predefined string) while a flag is understandable by an application, as
well.
Have a nice day
GV
> _______________________________________________
> ntar-workers mailing list
> ntar-workers at winpcap.org
> https://www.winpcap.org/mailman/listinfo/ntar-workers
More information about the ntar-workers
mailing list