Provided by: libtrace-tools_3.0.21-1ubuntu5_amd64

NAME

       traceanon - anonymise IP addresses of traces

SYNOPSIS

       traceanon  [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix | --prefix=prefix
       ] [ -c key | --cryptopan=key ] [ -f key-file | --keyfile=file ] [ -z level  |  --compress-
       level=level ] [ -Z method | --compress-type=method ] sourceuri desturi

DESCRIPTION

       traceanon  anonymises  a  trace  by replacing IP addresses found in the IP header, and any
       embedded packets inside an ICMP packet.  It also fixes the checksums inside  TCP  and  UDP
       headers.

       Two anonymisation schemes are supported. The first replaces a prefix with another prefix;
       this can be used, for instance, to replace a /16 with the equivalent prefix from RFC1918.
       The other scheme is cryptopan, a prefix-preserving encryption scheme based on AES.
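
       What "prefix preserving" means in practice, as an added illustration that is not
       traceanon or libtrace code: the sketch follows the bit-by-bit structure of a
       prefix-preserving mapping but, as an assumption, uses HMAC-SHA256 in place of AES, so
       its output will not match traceanon's. All function names, the key and the addresses
       are constructed for the example.

```python
import hashlib
import hmac
import ipaddress

def _flip_bit(key: bytes, prefix_bits: str) -> int:
    """One pseudorandom bit that depends only on the key and the leading bits.

    Assumption: HMAC-SHA256 stands in for the AES-based function of cryptopan.
    """
    return hmac.new(key, prefix_bits.encode(), hashlib.sha256).digest()[0] >> 7

def anonymise(key: bytes, addr: str) -> str:
    """Prefix-preserving mapping of one IPv4 address (hypothetical helper)."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    # Output bit i = input bit i XOR f(key, input bits 0..i-1).
    out = "".join(str(int(b) ^ _flip_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))

def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

# Constructed sample data: a 32-byte key and documentation-range addresses.
KEY = bytes(range(32))
SAMPLE = ["192.0.2.10", "192.0.2.77", "192.0.3.1", "198.51.100.5"]

def demo(key: bytes = KEY, addrs=SAMPLE):
    """Return (a, b, shared bits before, shared bits after) for each pair."""
    mapped = {a: anonymise(key, a) for a in addrs}
    rows = []
    for i, a in enumerate(addrs):
        for b in addrs[i + 1:]:
            rows.append((a, b, shared_prefix_len(a, b),
                         shared_prefix_len(mapped[a], mapped[b])))
    return rows

if __name__ == "__main__":
    for a, b, before, after in demo():
        print(f"{a:>13} {b:>13}  shared bits before={before} after={after}")
```

       Every pair keeps exactly the same number of shared leading bits, so the subnet
       structure of the original trace is still visible in the anonymised one.
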

       -s
       --encrypt-source
              encrypt only source IP addresses.

       -d
       --encrypt-dest
              encrypt only destination IP addresses.

       -p
       --prefix=prefix
              substitute the high bits of the IP addresses with the provided prefix.

       -c
       --cryptopan=key
              encrypt the IP addresses using the prefix-preserving cryptopan method using the key
              "key".  The key can be  up  to  32  bytes  long,  and  will  be  padded  with  NULL
              characters.

       -f
       --keyfile=file
              encrypt the IP addresses using the prefix-preserving cryptopan method using the key
              specified in the file "file".  The key must be 32 bytes long. A suitable method  of
              generating a key is by using the command dd to read from /dev/urandom.

       -z
       --compress-level=level
              compress  the  output trace using a compression level of "level". Compression level
              can range from 0 (no compression) through to 9. Higher compression  levels  require
              more CPU to compress data. Defaults to no compression.

       -Z
       --compress-type=method
              compress  the  output  trace  using  the  compression  algorithm "method". Possible
              algorithms are "gzip", "bzip2", "lzo", "xz" and "none". Default is "none".

EXAMPLES

       traceanon --cryptopan="fish go moo, oh yes they do" \
            --encrypt-source \
            --encrypt-dest \
            --compress-level=1 \
            --compress-type=gzip \
            erf:/traces/unenc.gz \
            erf:/traces/enc.gz

BUGS

       This software should support encrypting based on the direction/interface flag.

       IP addresses inside ARP packets are not encrypted.

       More details about traceanon (and libtrace) can be found at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO

       libtrace(3),     tracemerge(1),     tracefilter(1),     traceconvert(1),    tracestats(1),
       tracesummary(1),  tracertstats(1),   tracesplit(1),   tracesplit_dir(1),   tracereport(1),
       tracepktdump(1), tracediff(1), tracereplay(1), traceends(1), tracetopends(1)

AUTHORS

       Perry Lorier <perry@cs.waikato.ac.nz>