What is SCRUB-tcpdump?
SCRUB-tcpdump is a set of functions used to anonymize a packet-flow trace in libpcap or tcpdump format
so that it can be shared with collaborators or released without jeopardizing the anonymity of the network represented by
the capture. SCRUB-tcpdump allows the user to select from a variety of options for anonymizing fields such as
ports, IP addresses, time-stamps, transport protocols, flags, options, etc. For more information on how to
download and use SCRUB-tcpdump, see our Download page. If you would like to see the results
of studies about SCRUB-tcpdump and its impact and uses in security analysis, please see the Papers
page and read about it there.
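As an added illustration of what anonymizing the fields of a libpcap trace involves (example code written for this page, not SCRUB-tcpdump's own), the script below builds a constructed one-packet capture, replaces the IPv4 source and destination with keyed, consistent pseudonyms, repairs the IP header checksum and shifts time-stamps so the capture starts at zero; the key and the sample addresses are assumptions.

```python
import hashlib
import hmac
import struct

def _ipv4_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header (a valid header sums to 0)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_sample_pcap() -> bytes:
    """Constructed input (not a real capture): libpcap header + one Ethernet/IPv4/TCP record."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", 44321, 443, 1, 0, 0x50, 0x02, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp          # Ethernet: two zero MACs, IPv4 type
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # LINKTYPE_ETHERNET
    rec = struct.pack("<IIII", 1_700_000_000, 123456, len(frame), len(frame))
    return ghdr + rec + frame

def pseudonym(addr: bytes, key: bytes) -> bytes:
    """Keyed, consistent mapping: same real address -> same pseudonym; not reversible without the key."""
    return hmac.new(key, addr, hashlib.sha256).digest()[:4]

def anonymize_pcap(data: bytes, key: bytes) -> bytes:
    """Rewrite IPv4 src/dst with pseudonyms, fix the IP checksum, shift time-stamps to start at 0."""
    magic, _, _, _, _, _, link = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expects little-endian libpcap with Ethernet link type")
    out, off, base = bytearray(data[:24]), 24, None
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        pkt = bytearray(data[off + 16:off + 16 + caplen])
        if base is None:
            base = ts_sec                      # first packet defines t=0; intervals are kept
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        if pkt[12:14] == b"\x08\x00" and 20 <= ihl <= len(pkt) - 14:
            pkt[26:30] = pseudonym(bytes(pkt[26:30]), key)    # source address
            pkt[30:34] = pseudonym(bytes(pkt[30:34]), key)    # destination address
            pkt[24:26] = b"\x00\x00"
            pkt[24:26] = struct.pack("!H", _ipv4_checksum(bytes(pkt[14:14 + ihl])))
            # TCP/UDP checksums cover a pseudo-header containing the addresses; a full tool
            # must recompute (or zero) them too, or they leak information about the originals.
        out += struct.pack("<IIII", ts_sec - base, ts_usec, caplen, origlen) + pkt
        off += 16 + caplen
    return bytes(out)
```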
Version 0.1 now released
We have now released Version 0.1 of our software. Pick it up from the link on the download
page. It is not pretty to build (you will need libpcap's dev files and the basic netinet headers installed in
a "sane" location), but the included Makefile has been tested on Solaris, Mac OS X and two different Linuxes
without a problem. Windows support is unknown, but also unlikely with this release. Hopefully a future release
will allow that support.
We have nearly completed an internal alpha of the project and are now awaiting final approval and testing on
it before we package up a public alpha release. We have also begun working towards an initial release
of the project as a patch set for the standard tcpdump sources. Stay tuned for upcoming news!
Our current goal is to wrap up the stand-alone version of the code as soon as possible; we will then work
on updates to the speed of the code in certain areas. We are also at the beginning of a port to the standard
TCPDump tree and will be releasing the code in both forms as soon as we are able to. That will allow in-place
capture and anonymization of datasets with the same tool, while still allowing the functionality of anonymizing
existing capture files. Our speed optimizations will be key to making this in-place anonymization viable.