[Snort-devel] anonymizer/sanitizer/chksum fixer

Phil Wood cpw at ...86...
Tue Nov 19 13:48:01 EST 2002


Folks,

I created the monster described at the URL below for Judy Novak at SANS a
few years ago.*  Its first purpose was to fix the checksums which were bad
due to the way the sanitized pcap file was built.  The second purpose was
to add an option to tcpdump that would change a particular network address
to something else.

* Remember Andrew?

I've since incorporated the checksum subroutine in my bag program.  But,
that's another story.

Anyway, here is the pointer to where you can get this thing and try it out.

  http://public.lanl.gov/cpw/release

The script used to pull the stuff from tcpdump.org.  But, that's not 
available at this time.  So, I put copies of the tcpdump and libpcap source
there also.  The originals were retrieved around Jan 2002.  So, I'm saying
they are safe to use.  Here are the md5 checksums:

% md5 < libpcap-0.6.2.tar.gz
a6325b5fe429eba06294ce2db9263a66

% md5 < tcpdump-3.6.2.tar.gz
6bc8da35f9eed4e675bfdf04ce312248

These files will be pulled down by the procedure named build-tcpdumpz
found in Z-0.1.tar.gz.
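
The problem the post describes, as an added example (not code from the tool announced above): rewriting an address in a captured IPv4 header leaves the stored header checksum stale until it is recomputed. The function names and the sample header are constructed for illustration, and only the IPv4 header checksum is handled.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 header, 192.168.0.1 -> 192.168.0.199, valid checksum. */
const uint8_t SAMPLE[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
                             0xb8, 0x61, 192, 168, 0, 1, 192, 168, 0, 199 };

/* RFC 1071 Internet checksum: inverted one's-complement sum of 16-bit words. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;                    /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold carries back in */
    return (uint16_t)~sum;
}

/* Header length in bytes, or 0 if the captured bytes are not a sane IPv4 header. */
size_t ipv4_hlen(const uint8_t *ip, size_t caplen)
{
    size_t hl = (caplen >= 20 && (ip[0] >> 4) == 4) ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    return (hl >= 20 && hl <= caplen) ? hl : 0;
}

/* A header verifies when the checksum over it, checksum field included, is 0. */
int ip_header_ok(const uint8_t *ip, size_t caplen)
{
    size_t hl = ipv4_hlen(ip, caplen);
    return hl != 0 && inet_checksum(ip, hl) == 0;
}

/* Rewrite address `from` to `to` in src/dst; if `fix`, recompute the checksum.
 * Returns the number of addresses rewritten, or -1 on a malformed header. */
int sanitize_ipv4(uint8_t *ip, size_t caplen, const uint8_t *from, const uint8_t *to, int fix)
{
    size_t hl = ipv4_hlen(ip, caplen);
    int n = 0;
    if (hl == 0) return -1;
    for (size_t off = 12; off <= 16; off += 4)      /* 12 = source, 16 = destination */
        if (memcmp(ip + off, from, 4) == 0) { memcpy(ip + off, to, 4); n++; }
    if (fix) {
        ip[10] = ip[11] = 0;                        /* field is zero while summing */
        uint16_t c = inet_checksum(ip, hl);
        ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    }
    return n;
}
```

TCP and UDP checksums cover a pseudo-header that includes both IP addresses, so a complete sanitizer has to recompute those as well after an address change.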




