Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
TRACEANON(1)			 User Commands			  TRACEANON(1)

NAME
       traceanon - anonymise ip	addresses of traces

SYNOPSIS
       traceanon [ -s |	--encrypt-source ] [ -d	| --encrypt-dest ] [ -p	prefix
       | --prefix=prefix ] [ -c	key | --cryptopan=key ]	[ -f key-file |	--key-
       file=file  ] [ -z level | --compress-level=level	] [ -Z method |	--com-
       press-type=method ] sourceuri desturi

DESCRPTION
       traceanon anonymises a trace by replacing IP addresses found in the  IP
       header,	and any	embedded packets inside	an ICMP	packet.	 It also fixes
       the checksums inside TCP	and UDP	headers.

       Two anonymisation schemes are supported,	the first  replaces  a	prefix
       with  another  prefix.	This can be used for instance to replace a /16
       with the	equivilent prefix from RFC1918.	 The other scheme is cryptopan
       which is	a prefix preserving encryption scheme based on AES.

       -s
       --encrypt-source
	      encrypt only source ip addresses.

       -d
       --encrypt-dest
	      encrypt only destination ip addresses.

       -p
       --prefix=prefix
	      substitute  the  high bits of the	IP addresses with the provided
	      prefix.

       -c
       --cryptopan=key
	      encrypt the IP addresses using the  prefix-preserving  cryptopan
	      method using the key "key".  The key can be up to	32 bytes long,
	      and will be padded with NULL characters.

       -f
       --keyfile=file
	      encrypt the IP addresses using the  prefix-preserving  cryptopan
	      method using the key specified in	the file "file".  The key must
	      be 32 bytes long.	A suitable method of generating	a  key	is  by
	      using the	command	dd to read from	/dev/urandom.

       -z
       --compress-level=level
	      compress	the output trace using a compression level of "level".
	      Compression level	can range from 0 (no compression)  through  to
	      9.  Higher compression levels require more CPU to	compress data.
	      Defaults to no compression.

       -Z
       --compress-type=method
	      compress	the  output  trace  using  the	compression  algorithm
	      "method".	 Possible  algorithms  are  "gzip", "bzip2", "lzo" and
	      "none". Default is "none".

EXAMPLES
       traceanon --cryptopan="fish go moo, oh yes they do" \
	    --encrypt-source \
	    --encrypt-dest \
	    --compress-level=1 \
	    --compress-type=gzip \
	    erf:/traces/unenc.gz \
	    erf:/traces/enc.gz \

BUGS
       This software should support encrypting based on	 the  direction/inter-
       face flag.

       IP addresses inside ARP's are not encrypted.

LINKS
       More   details	about	traceanon  (and	 libtrace)  can	 be  found  at
       http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

SEE ALSO
       libtrace(3), tracemerge(1),  tracefilter(1),  traceconvert(1),  traces-
       tats(1),	  tracesummary(1),   tracertstats(1),  tracesplit(1),  traces-
       plit_dir(1), tracereport(1),  tracepktdump(1),  tracediff(1),  tracere-
       play(1),	traceends(1), tracetopends(1)

AUTHORS
       Perry Lorier <perry@cs.waikato.ac.nz>

traceanon (libtrace)		 October 2005			  TRACEANON(1)

NAME | SYNOPSIS | DESCRPTION | EXAMPLES | BUGS | LINKS | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=traceanon&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help