GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
TRACEANON(1) User Commands TRACEANON(1)

traceanon - anonymise ip addresses of traces

traceanon [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix | --prefix=prefix ] [ -c key | --cryptopan=key ] [ -f key-file | --keyfile=file ] [ -z level | --compress-level=level ] [ -Z method | --compress-type=method ] sourceuri desturi

traceanon anonymises a trace by replacing IP addresses found in the IP header, and any embedded packets inside an ICMP packet. It also fixes the checksums inside TCP and UDP headers.

Two anonymisation schemes are supported, the first replaces a prefix with another prefix. This can be used for instance to replace a /16 with the equivilent prefix from RFC1918. The other scheme is cryptopan which is a prefix preserving encryption scheme based on AES.

-s
--encrypt-source
encrypt only source ip addresses.

-d
--encrypt-dest
encrypt only destination ip addresses.

-p
--prefix=prefix
substitute the high bits of the IP addresses with the provided prefix.

-c
--cryptopan=key
encrypt the IP addresses using the prefix-preserving cryptopan method using the key "key". The key can be up to 32 bytes long, and will be padded with NULL characters.

-f
--keyfile=file
encrypt the IP addresses using the prefix-preserving cryptopan method using the key specified in the file "file". The key must be 32 bytes long. A suitable method of generating a key is by using the command dd to read from /dev/urandom.

-z
--compress-level=level
compress the output trace using a compression level of "level". Compression level can range from 0 (no compression) through to 9. Higher compression levels require more CPU to compress data. Defaults to no compression.

-Z
--compress-type=method
compress the output trace using the compression algorithm "method". Possible algorithms are "gzip", "bzip2", "lzo" and "none". Default is "none". 

traceanon --cryptopan="fish go moo, oh yes they do" \
	--encrypt-source \
	--encrypt-dest \
	--compress-level=1 \
	--compress-type=gzip \
	erf:/traces/unenc.gz \
	erf:/traces/enc.gz \

This software should support encrypting based on the direction/interface flag.

IP addresses inside ARP's are not encrypted.

More details about traceanon (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1), traceends(1), tracetopends(1)

Perry Lorier <perry@cs.waikato.ac.nz>

October 2005 traceanon (libtrace)
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.