What is SCRUB-tcpdump?
SCRUB-tcpdump is a set of functions for anonymizing a packet trace in libpcap (tcpdump) format so that it can be shared with collaborators or released publicly without jeopardizing the anonymity of the network the capture represents. SCRUB-tcpdump lets the user choose from a variety of options for anonymizing fields such as ports, IP addresses, timestamps, transport protocols, flags and options. For information on how to download and use SCRUB-tcpdump, see our Download page. If you would like to see the results of studies of SCRUB-tcpdump, its impact and its uses in security analysis, see the Papers page.
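To make the field-level anonymization described above concrete, here is a small standalone anonymizer for the libpcap file format. It is an added example written for this page, not SCRUB-tcpdump's own code, and it uses only the Python standard library. It replaces IPv4 addresses with keyed-HMAC pseudonyms (consistent across the trace, so conversations stay linkable, but not prefix-preserving), zeroes ephemeral ports while keeping well-known ones, rebases timestamps so the first packet is at time zero, and recomputes the IPv4 and TCP/UDP checksums so the output still parses cleanly in tcpdump. The key value, the 1024 ephemeral-port threshold and the two-packet DNS exchange used as input are assumptions made for the example; a real deployment would store the key as carefully as the raw trace, since anyone holding it can recompute the address mapping.

```python
"""Keyed pcap anonymizer for IPv4 addresses, ephemeral ports and timestamps.
Added example, not SCRUB-tcpdump's own code; Python standard library only."""
import hashlib
import hmac
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4     # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
EPHEMERAL_MIN = 1024        # assumed threshold: ports at or above this become 0

def checksum(data):
    """RFC 1071 one's-complement sum; returns 0 when `data` already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_pcap(records):
    """Constructed input file; records are (ts_sec, ts_usec, frame) tuples."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def build_udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame; checksums left 0, the anonymizer recomputes them."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + udp

class PcapAnonymizer:
    """Addresses become keyed-HMAC pseudonyms (consistent per trace, not prefix-preserving, and
    truncated to 32 bits so two real hosts can collide); ephemeral ports become 0; timestamps are
    rebased to the first packet so inter-packet timing survives but wall-clock time does not."""

    def __init__(self, key):
        self.key, self.ipmap = key, {}

    def pseudonym(self, ip):
        if ip not in self.ipmap:
            self.ipmap[ip] = hmac.new(self.key, ip, hashlib.sha256).digest()[:4]
        return self.ipmap[ip]

    def anonymize(self, pcap):
        magic, *_, link = struct.unpack("<IHHiIII", pcap[:24])
        if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
            raise ValueError("only little-endian Ethernet pcap is handled in this example")
        out, off, t0 = [pcap[:24]], 24, None
        while off + 16 <= len(pcap):
            sec, usec, incl, orig = struct.unpack("<IIII", pcap[off:off + 16])
            t0 = sec * 1_000_000 + usec if t0 is None else t0
            rel = sec * 1_000_000 + usec - t0
            frame = bytearray(pcap[off + 16:off + 16 + incl])
            self._scrub_frame(frame)
            out.append(struct.pack("<IIII", rel // 1_000_000, rel % 1_000_000, incl, orig) + bytes(frame))
            off += 16 + incl
        return b"".join(out)

    def _scrub_frame(self, f):
        ip = 14
        if len(f) < ip + 20 or f[12:14] != b"\x08\x00" or f[ip] >> 4 != 4:
            return                                   # non-IPv4 frames pass through untouched
        ihl, proto = (f[ip] & 0x0F) * 4, f[ip + 9]
        total, tr = struct.unpack("!H", f[ip + 2:ip + 4])[0], ip + ihl
        f[ip + 12:ip + 16] = self.pseudonym(bytes(f[ip + 12:ip + 16]))
        f[ip + 16:ip + 20] = self.pseudonym(bytes(f[ip + 16:ip + 20]))
        if proto in (6, 17) and len(f) >= tr + 4:    # TCP/UDP: scrub ports, then repair checksum
            for p in (tr, tr + 2):
                if struct.unpack("!H", f[p:p + 2])[0] >= EPHEMERAL_MIN:
                    f[p:p + 2] = b"\x00\x00"
            hdr, csum = (20, tr + 16) if proto == 6 else (8, tr + 6)
            if total >= ihl + hdr and ip + total <= len(f):   # skip if snaplen truncated the packet
                f[csum:csum + 2] = b"\x00\x00"
                seg = bytes(f[tr:ip + total])
                c = checksum(bytes(f[ip + 12:ip + 20]) + struct.pack("!BBH", 0, proto, len(seg)) + seg)
                f[csum:csum + 2] = struct.pack("!H", 0xFFFF if proto == 17 and c == 0 else c)
        f[ip + 10:ip + 12] = b"\x00\x00"               # IPv4 header checksum changed with the addresses
        f[ip + 10:ip + 12] = struct.pack("!H", checksum(bytes(f[ip:tr])))

def summarize(pcap):
    """Per-packet view of an all-IPv4 TCP/UDP pcap: relative time, endpoints, checksum validity."""
    rows, off = [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        f = pcap[off + 16:off + 16 + incl]
        tr, end = 14 + (f[14] & 0x0F) * 4, 14 + struct.unpack("!H", f[16:18])[0]
        pseudo = f[26:34] + struct.pack("!BBH", 0, f[23], end - tr)
        rows.append({"t_us": sec * 1_000_000 + usec,
                     "src": str(ipaddress.IPv4Address(f[26:30])), "dst": str(ipaddress.IPv4Address(f[30:34])),
                     "sport": struct.unpack("!H", f[tr:tr + 2])[0], "dport": struct.unpack("!H", f[tr + 2:tr + 4])[0],
                     "ip_csum_ok": checksum(f[14:tr]) == 0, "l4_csum_ok": checksum(pseudo + f[tr:end]) == 0})
        off += 16 + incl
    return rows

def demo(key=b"example-key-keep-secret"):
    """Constructed DNS query/reply pair, anonymized with the assumed key; returns the summary rows."""
    query = build_udp_frame("10.0.0.1", "192.0.2.7", 40000, 53, b"dns query")
    reply = build_udp_frame("192.0.2.7", "10.0.0.1", 53, 40000, b"dns reply")
    raw = build_pcap([(1700000000, 500000, query), (1700000001, 250000, reply)])
    return summarize(PcapAnonymizer(key).anonymize(raw))
```

Running `demo()` shows the two packets at 0 and 750000 microseconds, the query's source port 40000 scrubbed to 0 while port 53 is kept, and the same pseudonym pair on both packets with their directions swapped. Two design points matter for a real release: the HMAC mapping hides addresses but not the subnet structure a prefix-preserving scheme would keep, and packets cut short by the capture snaplen cannot have their transport checksum repaired, so the example leaves those checksums untouched rather than writing a wrong value.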
Version 0.1 now released
We have now released Version 0.1 of our software. Pick it up from the link on the download page. It is not pretty to build: you will need libpcap's development files and the basic netinet headers installed in a "sane" location, but the included Makefile has been tested on Solaris, Mac OS X and two different Linux distributions without a problem. Windows support is untested and unlikely to work with this release; we hope a future release will add it.
We have nearly completed an internal alpha of the project and are now awaiting final approval and testing before we package up a public alpha release. We have also begun working towards an initial release of the project as a patch set for the standard tcpdump sources. Stay tuned for upcoming news!
Our current goal is to wrap up the stand-alone version of the code as soon as possible; after that we will work on speeding up certain areas of the code. We are also at the beginning of a port to the standard tcpdump tree and will release the code in both forms as soon as we are able to. The tcpdump port will allow in-place capture and anonymization of datasets with the same tool, while the stand-alone version keeps the ability to anonymize existing capture files. Our speed optimizations will be key to making in-place anonymization viable.