.TH TRACEANON "1" "October 2005" "traceanon (libtrace)" "User Commands"
.SH NAME
traceanon \- anonymise IP addresses of traces
.SH SYNOPSIS
.B traceanon
[ \-s | \-\^\-encrypt-source ]
[ \-d | \-\^\-encrypt-dest ]
[ \-p prefix | \-\^\-prefix=prefix ]
[ \-c key | \-\^\-cryptopan=key ]
[ \-F key-file | \-\^\-keyfile=file ]
[ \-f expr | \-\^\-filter=expr ]
[ \-z level | \-\^\-compress-level=level ]
[ \-Z method | \-\^\-compress-type=method ]
[ \-t threadcount | \-\^\-threads=threadcount ]

sourceuri
desturi
.SH DESCRIPTION
traceanon anonymises a trace by replacing IP addresses found in the IP header
and in any packets embedded inside an ICMP packet. It also replaces the checksums
inside TCP, UDP and ICMPv6 headers with zeroes.

Two anonymisation schemes are supported. The first replaces a prefix with
another prefix. This can be used, for instance, to replace a /16 with the
equivalent prefix from RFC1918. The other scheme is cryptopan, which is a
prefix-preserving encryption scheme based on AES (traceanon must be built
with libcrypto support to be able to use the cryptopan scheme).
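
The prefix scheme sketched in shell, as an added example that is not traceanon's own code. It assumes the prefix is written a.b.c.d/len and that the top len bits of every IPv4 address are overwritten while the low bits are kept; the function names and sample addresses are constructed. The run shows that host bits survive unchanged and that addresses from different networks can map to the same output.

```shell
#!/bin/sh
# Added illustration of prefix substitution; not traceanon's implementation.
# Assumption: prefix is a.b.c.d/len; the top `len` bits of each IPv4 address
# are replaced and the remaining low bits are left as they were.

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix_subst() {   # usage: prefix_subst ADDR PREFIX/LEN
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    if [ "$len" -lt 0 ] || [ "$len" -gt 32 ]; then
        echo "bad prefix length: $len" >&2; return 1
    fi
    # Mask with `len` leading one bits; len=0 leaves the address unchanged.
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    int_to_ip $(( ($net & $mask) | ($addr & ~$mask & 0xFFFFFFFF) ))
}

# Constructed sample addresses from the documentation ranges.
# The first two keep their distinct host parts; the third comes from a
# different network but collides with the first after substitution.
for a in 192.0.2.77 192.0.2.78 198.51.2.77; do
    echo "$a -> $(prefix_subst "$a" 10.1.0.0/16)"
done
```

Because the low bits pass through untouched, anyone who knows the original prefix can reverse the mapping; the scheme hides which network a trace came from, not which host.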
.TP
.PD 0
.BI \-s
.TP
.PD
.BI \-\^\-encrypt-source
encrypt only source IP addresses.

.TP
.PD 0
.BI \-d
.TP
.PD
.BI \-\^\-encrypt-dest
encrypt only destination IP addresses.

.TP
.PD 0
.BI \-p
.TP
.PD
.BI \-\^\-prefix=prefix
substitute the high bits of the IP addresses with the provided IPv4 prefix.
This method will only anonymise IPv4 addresses; IPv6 packets will be untouched.

.TP
.PD 0
.BI \-c
.TP
.PD
.BI \-\^\-cryptopan=key
encrypt the IP addresses with the prefix-preserving cryptopan method, using
the key "key". The key can be up to 32 bytes long; shorter keys will be padded
with NULL characters.

.TP
.PD 0
.BI \-F
.TP
.PD
.BI \-\^\-keyfile=file
encrypt the IP addresses with the prefix-preserving cryptopan method, using
the key stored in the file "file". The key must be 32 bytes
long. A suitable method of generating a key is by using the command dd to read
from /dev/urandom.

.TP
.PD 0
.BI \-f
.TP
.PD
.BI \-\^\-filter=expr
Discard all packets that do not match the BPF expression specified in 'expr'.
Filtering is applied *before* any anonymisation occurs, so IP address filters
will attempt to match against the original unencrypted addresses.

.TP
.PD 0
.BI \-z
.TP
.PD
.BI \-\^\-compress-level=level
compress the output trace using a compression level of "level". Compression
level can range from 0 (no compression) through to 9. Higher compression levels
require more CPU to compress data. Defaults to no compression.

.TP
.PD 0
.BI \-Z
.TP
.PD
.BI \-\^\-compress-type=method
compress the output trace using the compression algorithm "method". Possible
algorithms are "gzip", "bzip2", "lzo", "xz" and "none". Default is "none".

.TP
.PD 0
.BI \-t
.TP
.PD
.BI \-\^\-threads=threadcount
use the specified number of threads to anonymise packets. The default number
of threads is 4.

.SH EXAMPLES
.nf
traceanon \-\^\-cryptopan="fish go moo, oh yes they do" \\
	\-\^\-encrypt-source \\
	\-\^\-encrypt-dest \\
	\-\^\-compress-level=1 \\
	\-\^\-compress-type=gzip \\
	erf:/traces/unenc.gz \\
	erf:/traces/enc.gz
.fi

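
Generating and checking a key file for --keyfile with dd and /dev/urandom, as an added example that is not part of the original manual page. The file name cryptopan.key and the helper names gen_key, check_key and anon_trace are assumptions. Unlike --cryptopan=key, this keeps the key out of the process argument list and shell history, and it enforces the 32-byte length the option requires.

```shell
#!/bin/sh
# Added example, not from the traceanon distribution.
# Assumed names: cryptopan.key (key file), gen_key/check_key/anon_trace.

gen_key() {    # usage: gen_key FILE -> writes 32 random bytes, owner-only
    (
        umask 077                      # a new file is created as 0600
        dd if=/dev/urandom of="$1" bs=32 count=1 2>/dev/null
        chmod 600 "$1"                 # also tighten a pre-existing file
    )
}

check_key() {  # usage: check_key FILE -> 0 if usable as a --keyfile key
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 32 ] || { echo "$1: $size bytes, need 32" >&2; return 1; }
    # Refuse keys readable by group or others: anyone holding the key can
    # recompute the mapping between original and anonymised addresses.
    if [ -n "$(find "$1" -perm -040 -o -perm -004)" ]; then
        echo "$1: readable by group or others" >&2; return 1
    fi
}

anon_trace() { # usage: anon_trace KEYFILE SOURCEURI DESTURI
    check_key "$1" || return 1
    traceanon --keyfile="$1" --encrypt-source --encrypt-dest "$2" "$3"
}

# Demo on a temporary file so the block runs without traceanon installed.
tmpdir=$(mktemp -d)
gen_key "$tmpdir/cryptopan.key"
check_key "$tmpdir/cryptopan.key" && echo "key ok (32 bytes, mode 0600)"
rm -rf "$tmpdir"

# With traceanon built with libcrypto support, the real run would be:
#   gen_key cryptopan.key
#   anon_trace cryptopan.key erf:/traces/unenc.gz erf:/traces/enc.gz
```

Keep the key file if traces anonymised at different times must share a consistent address mapping, and store it separately from the released traces.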
.SH BUGS
This software should support encrypting based on the direction/interface flag.

IP addresses inside ARP packets are not encrypted.

.SH LINKS
More details about traceanon (and libtrace) can be found at
http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation

.SH SEE ALSO
libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1),
tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1),
tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1),
traceends(1), tracetopends(1)

.SH AUTHORS
Perry Lorier <perry@cs.waikato.ac.nz>
.br
Shane Alcock <salcock@waikato.ac.nz>
.br
Richard Sanger <rjs51@students.waikato.ac.nz>