.TH TRACEANON "1" "October 2005" "traceanon (libtrace)" "User Commands" .SH NAME traceanon \- anonymise ip addresses of traces .SH SYNOPSIS .B traceanon [ \-s | \-\^\-encrypt-source ] [ \-d | \-\^\-encrypt-dest ] [ \-p prefix | \-\^\-prefix=prefix ] [ \-c key | \-\^\-cryptopan=key ] [ \-F key-file | \-\^\-keyfile=file ] [ \-f expr | \-\^\-filter=expr ] [ \-z level | \-\^\-compress-level=level ] [ \-Z method | \-\^\-compress-type=method ] [ \-t threadcount | \-\^\-threads=threadcount ] sourceuri desturi .SH DESCRPTION traceanon anonymises a trace by replacing IP addresses found in the IP header, and any embedded packets inside an ICMP packet. It also replaces the checksums inside TCP, UDP and ICMPv6 headers with zeroes. Two anonymisation schemes are supported, the first replaces a prefix with another prefix. This can be used for instance to replace a /16 with the equivilent prefix from RFC1918. The other scheme is cryptopan which is a prefix preserving encryption scheme based on AES (traceanon must be built with libcrypto support to be able to use the cryptopan scheme). .TP .PD 0 .BI \-s .TP .PD .BI \-\^\-encrypt-source encrypt only source ip addresses. .TP .PD 0 .BI \-d .TP .PD .BI \-\^\-encrypt-dest encrypt only destination ip addresses. .TP .PD 0 .BI \-p .TP .PD .BI \-\^\-prefix=prefix substitute the high bits of the IP addresses with the provided IPv4 prefix. This method will only anonymise IPv4 addresses; IPv6 packets will be untouched. .TP .PD 0 .BI \-c .TP .PD .BI \-\^\-cryptopan=key encrypt the IP addresses using the prefix-preserving cryptopan method using the key "key". The key can be up to 32 bytes long, and will be padded with NULL characters. .TP .PD 0 .BI \-F .TP .PD .BI \-\^\-keyfile=file encrypt the IP addresses using the prefix-preserving cryptopan method using the key specified in the file "file". The key must be 32 bytes long. A suitable method of generating a key is by using the command dd to read from /dev/urandom. .TP .PD 0 .BI \-f .TP .PD .BI \-\^\-filter=expr Discard all packets that do not match the BPF expression specified in 'expr'. Filtering is applied *before* any anonymisation occurs, so IP address filters will attempt to match against the original unencrypted addresses. .TP .PD 0 .BI \-z .TP .PD .BI \-\^\-compress-level=level compress the output trace using a compression level of "level". Compression level can range from 0 (no compression) through to 9. Higher compression levels require more CPU to compress data. Defaults to no compression. .TP .PD 0 .BI \-Z .TP .PD .BI \-\^\-compress-type=method compress the output trace using the compression algorithm "method". Possible algorithms are "gz", "bz", "lzo", "xz" and "no". Default is "no". .TP .PD 0 .BI \-t .TP .PD .BI \-\^\-threads=threadcount use the specified number of threads to anonymise packets. The default number of threads is 4. .SH EXAMPLES .nf traceanon \-\^\-cryptopan="fish go moo, oh yes they do" \\ \-\^\-encrypt-source \\ \-\^\-encrypt-dest \\ \-\^\-compress-level=1 \\ \-\^\-compress-type=gzip \\ erf:/traces/unenc.gz \\ erf:/traces/enc.gz \\ .fi .SH BUGS This software should support encrypting based on the direction/interface flag. IP addresses inside ARP's are not encrypted. .SH LINKS More details about traceanon (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation .SH SEE ALSO libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracepktdump(1), tracediff(1), tracereplay(1), traceends(1), tracetopends(1) .SH AUTHORS Perry Lorier Shane Alcock Richard Sanger