I used Wireshark on my MacBook Pro to get the traces. Unfortunately for my purposes today, traces from one of the FTP servers I was connecting to contained a password that I did not want to disclose (FTP sends passwords in plain text, which is why SFTP or SCP are better options when available).
So, to sanitize the TCPDUMP file before shipping it off to $VENDOR, I used the command line tool editcap to delete from it the packet containing my password. Unfortunately, the binary version of Wireshark I installed on my Mac didn't include editcap.
Parallels to the rescue. I fired up my CentOS 5 virtual machine, installed the complete Wireshark package via "yum install wireshark," and was then able to run:
# editcap foo.pcap sanitized.pcap 10
This took the capture file called foo.pcap, stripped out the 10th packet (which contained my password) and then created a new file called sanitized.pcap.
I could then safely send off the capture file.
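As an added example (not part of the original post, and not Wireshark's own code), the following Python does in a few lines what the editcap command above does at the pcap record level: it walks the classic pcap container (24-byte global header, then 16-byte record header plus frame bytes per packet), drops the 1-based packet numbers you name, and writes the rest back out unchanged. It also adds the check a practitioner wants before shipping a sanitized capture to a vendor, which editcap alone does not give you: scan the output for the credential bytes, since an FTP PASS line can be retransmitted or show up in more than one packet. The frames are constructed stand-ins for the FTP control stream, not real Ethernet/TCP bytes, and the password is a placeholder.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # classic pcap, nanosecond timestamps


def make_pcap(frames):
    """Build a constructed little-endian pcap in memory: global header + one record per frame."""
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
    header = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    out = [header]
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len, orig_len (constructed timestamps)
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def split_records(data):
    """Return (global_header, [(record_header, frame_bytes), ...]) for a classic pcap file."""
    if len(data) < 24:
        raise ValueError("not a pcap file: too short for a global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        order = "<"                      # written on a little-endian host
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        order = ">"                      # same magics byte-swapped: big-endian writer
    else:
        raise ValueError("unknown pcap magic %#x" % magic)
    records = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        end = off + 16 + incl_len
        if end > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((data[off:off + 16], data[off + 16:end]))
        off = end
    return data[:24], records


def drop_packets(data, numbers):
    """Remove the given 1-based packet numbers (editcap's numbering) and return the new pcap."""
    header, records = split_records(data)
    to_drop = set(numbers)
    bad = sorted(n for n in to_drop if n < 1 or n > len(records))
    if bad:
        raise ValueError("packet numbers out of range: %s" % bad)
    out = [header]
    for number, (rec_hdr, frame) in enumerate(records, start=1):
        if number not in to_drop:
            out.append(rec_hdr)
            out.append(frame)
    return b"".join(out)


def find_packets(data, needle):
    """1-based numbers of packets whose bytes contain needle; use it to verify the sanitized file."""
    _, records = split_records(data)
    return [n for n, (_, frame) in enumerate(records, start=1) if needle in frame]


def packet_count(data):
    return len(split_records(data)[1])


# Constructed sample: an FTP login as seen on the control connection, password in packet 2.
SAMPLE = make_pcap([
    b"USER alice\r\n",
    b"PASS placeholder-not-a-real-password\r\n",
    b"230 Login successful.\r\n",
])


def sanitize_and_verify(data, needle=b"PASS "):
    """Drop every packet carrying the credential marker, then confirm none remain."""
    hits = find_packets(data, needle)
    clean = drop_packets(data, hits)
    if find_packets(clean, needle):
        raise RuntimeError("credential still present after sanitization")
    return packet_count(data), packet_count(clean)


if __name__ == "__main__":
    before, after = sanitize_and_verify(SAMPLE)
    print("packets before: %d, after: %d" % (before, after))
```

To use it on a real file, read `foo.pcap` into `data`, pass the result of `drop_packets(data, [10])` to `open("sanitized.pcap", "wb").write(...)`, and run `find_packets` over the output with the bytes you expect the credential to contain. Searching by content rather than trusting a single packet number is the point: the number you read off in Wireshark is right for that one packet, but only a scan of the output proves the secret is gone.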