[Snort-devel] anonymizer/sanitizer/chksum fixer

Phil Wood cpw at ...86...
Tue Nov 19 13:48:01 EST 2002


I created the monster described at the URL below for Judy Novak at SANS a
few years ago.*  Its first purpose was to fix the checksums which were bad
due to the way the sanitized pcap file was built.  The second purpose was
to add an option to tcpdump that would change a particular network address
to something else.  

* Remember Andrew?

I've since incorporated the checksum subroutine in my bag program.  But,
that's another story.

Anyway, here is the pointer to where you can get this thing and try it out.


The script used to pull the stuff from tcpdump.org.  But, that's not 
available at this time.  So, I put copies of the tcpdump and libpcap source
there also.  The originals were retrieved around Jan 2002.  So, I'm saying
they are safe to use.  Here are the md5 checksums:

% md5 < libpcap-0.6.2.tar.gz

% md5 < tcpdump-3.6.2.tar.gz

These files will be pulled down by the procedure named build-tcpdumpz
found in Z-0.1.tar.gz.
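
Added example, not part of the original post and not the code from Z-0.1.tar.gz: it shows why rewriting an address in a capture leaves bad checksums and how they are recomputed. The TCP checksum covers the IP addresses through the pseudo-header, so both it and the IP header checksum go stale. Function names and the sample packet are constructed here, and the code assumes unfragmented IPv4 carrying TCP.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 over data whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(pkt: bytes) -> int:
    """Checksum over pseudo-header (src, dst, proto, length) plus TCP segment."""
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return inet_checksum(pseudo + seg)

def rewrite_addr(pkt: bytes, old: str, new: str) -> bytes:
    """Replace `old` with `new` in the source/destination fields only."""
    p = bytearray(pkt)
    for off in (12, 16):
        if bytes(p[off:off + 4]) == socket.inet_aton(old):
            p[off:off + 4] = socket.inet_aton(new)
    return bytes(p)

def fix_checksums(pkt: bytes) -> bytes:
    """Zero and recompute the IP header checksum and, for TCP, the TCP one."""
    p = bytearray(pkt)
    ihl = (p[0] & 0x0F) * 4
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", inet_checksum(bytes(p[:ihl])))
    if p[9] == 6:  # protocol 6 = TCP; checksum sits at offset 16 of the segment
        p[ihl + 16:ihl + 18] = b"\x00\x00"
        p[ihl + 16:ihl + 18] = struct.pack("!H", tcp_checksum(bytes(p)))
    return bytes(p)

def sample_packet() -> bytes:
    """Constructed TCP packet, 192.168.1.10:1025 -> 192.168.1.20:80."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("192.168.1.20"))
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return fix_checksums(ip + tcp + b"test")

if __name__ == "__main__":
    stale = rewrite_addr(sample_packet(), "192.168.1.10", "10.0.0.1")
    print("stale IP/TCP:", inet_checksum(stale[:20]), tcp_checksum(stale))
    fixed = fix_checksums(stale)
    print("fixed IP/TCP:", inet_checksum(fixed[:20]), tcp_checksum(fixed))
```

A result of 0 from either checksum function means the stored checksum verifies; any other value means a receiver or analysis tool would flag the packet as corrupt.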
