DynamiteAI/dpacket

dpacket

dpacket is a packet capture sanitization utility that aims to transform a pcap sample into a realistic, publicly releasable pcap file with minimal concern for privacy or identity exposure. I say minimal because sharing internally collected network data always carries some risk of information leakage. The only way to completely eliminate that risk is, unfortunately, not to share.

dpacket strives to do a good job of protecting sensitive data while still preserving as much of the analytical value of the original pcap as possible. Different packet artifacts are important to different folks, so one of the main design goals is to provide flexibility and control over what dpacket does with the packets it touches.

The remainder of this page provides some basic installation and usage info and an introduction to dpacket's core features. If you're looking to jump right to usage and examples, you can find them here.

Installation

dpacket is a compiled executable that will run on Linux and macOS. To use it, all you need is the executable and a pcap file. There are currently three ways to retrieve the executable:

  1. Clone this repo, build the binary yourself and install it in the location of your choice.
  2. Clone this repo and copy the pre-compiled binary in the /cmd directory to the location of your choosing.
  3. Download one of the binary releases listed here.

For more information see Installation.

Basic Usage

Using dpacket in its default state is simple. Download it and run the executable, passing in the -s flag to specify a source pcap file to anonymize.

By default, dpacket will obscure the IP addresses and MAC addresses found in every packet it can parse. It's also useful to enable the --fix-checksums option which will correct any transport layer checksums of modified packet headers.

Download the executable and set the executable attribute:

curl -LO https://github.com/DynamiteAI/dpacket/releases/0.0.1/dpacket && chmod +x dpacket

Then run it against a pcap file:

./dpacket -s my_test.pcap --fix-checksums

Features

As a portable command line utility, dpacket can easily be added to your favorite toolset. By default it anonymizes any MAC address found in a frame header as well as any IP address (IPv4 or IPv6) found in an IP header. In order to maintain the analytical value of the generated pcap, dpacket uses a deterministic approach for mapping original addresses to new ones. This ensures the same host-to-host relationships exist in the newly generated pcap file.
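
An added example, not dpacket's own code: the page does not say how dpacket derives its mapping, so this sketch assumes one possible deterministic scheme, a keyed Feistel permutation built on HMAC-SHA256, which maps every address to exactly one pseudonym and never merges two hosts. The function names, key and sample flows are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 4  # illustrative; this is not a vetted cipher

def _round(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Keyed round function: HMAC-SHA256 truncated to half_bits."""
    msg = bytes([rnd, half_bits]) + half.to_bytes(half_bits // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[: half_bits // 8], "big")

def permute(key: bytes, value: int, bits: int) -> int:
    """Balanced Feistel network: a keyed bijection on bits-wide integers,
    so two distinct hosts can never collapse into one pseudonym."""
    half_bits = bits // 2
    left, right = value >> half_bits, value & ((1 << half_bits) - 1)
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right, half_bits)
    return (left << half_bits) | right

def anon_ip(key: bytes, addr: str) -> str:
    """Map an IPv4 or IPv6 address to a pseudonym of the same family."""
    ip = ipaddress.ip_address(addr)
    return str(type(ip)(permute(key, int(ip), ip.max_prefixlen)))

def anon_mac(key: bytes, mac: str) -> str:
    """Map a 48-bit MAC address (colon or dash separated)."""
    out = permute(key, int(mac.replace(":", "").replace("-", ""), 16), 48)
    return ":".join(f"{b:02x}" for b in out.to_bytes(6, "big"))

def anon_flows(key: bytes, flows):
    """Rewrite (src, dst) pairs; equal inputs always yield equal outputs."""
    return [(anon_ip(key, s), anon_ip(key, d)) for s, d in flows]

# Constructed sample: one client talking to two servers, plus an IPv6 pair.
SAMPLE_FLOWS = [
    ("10.1.2.3", "192.0.2.10"),
    ("10.1.2.3", "192.0.2.20"),
    ("192.0.2.10", "10.1.2.3"),
    ("2001:db8::1", "2001:db8::2"),
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice: random, kept secret
    for before, after in zip(SAMPLE_FLOWS, anon_flows(key, SAMPLE_FLOWS)):
        print(before, "->", after)
    print(anon_mac(key, "00:11:22:33:44:55"))
```

Because the mapping depends only on the key and the input address, reusing the key across captures keeps pseudonyms consistent between them, while a fresh key makes separately released captures unlinkable.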

Other currently available features include:

  • Full IP Address anonymization
  • Full MAC Address anonymization
  • VLAN ID anonymization
  • VLAN Header removal
  • ARP Message anonymization and removal
  • ICMP Message anonymization and removal
  • Packet Payload Truncation
  • IP Length correction
  • Transport Header checksum correction
  • Flexible command-line options
  • Static configuration files can be exported and imported for reuse
  • Comprehensive reporting and stats

About

dpacket is a packet capture sanitization utility for creating PCAP files suitable for public release.
