Naudit ensures complete confidentiality of your data and the report obtained from your trace. However, to ensure your privacy, you can choose to anonymize the trace so that it will not be possible to obtain any private data from captured traffic (IP addresses, application-level data), but the information will be kept in order that the analysis will be valid for your network.

For this process you can use an open-source tool like tcpreplay. Here are the steps for installation and the usage instructions.

Download: tcpreplay

tcpreplay installation

GNU/Linux

Mac OS X

  1. Install Homebrew

    ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"

  2. Prepare

    brew doctor

  3. Install tcpreplay

    brew install tcpreplay

Windows

  1. Install cygwin (it is important to include gcc, ccache and make, as well as all the dependencies indicated).

     Download: http://cygwin.com/setup.exe

  2. Install WinPcap (libpcap port for Windows). You must install the driver/DLL and the developers version. All files should be placed in the root directory of cygwin installation in a folder called Wpdpack.

    driver/DLL: http://www.winpcap.org/install/default.htm

    Developers version: http://www.winpcap.org/devel.htm

  3. Download and extract the latest version of tcpreplay (currently the latest version of the stable branch, complatible Windows, is the 3.4.4).

    Sourceforge download:

    http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.4.4.tar.gz?download

    GitHub: https://github.com/synfinatic/tcpreplay/tree/3.4

  4. Install tcpreplay

    1. Open a cygwin terminal and navigate to the folder where you extracted tcpreplay.

    2. Run ./configure (if it shows an error by the lack of libraries, re-open the cygwin installation and select the missing packages).

    3. Run make

    4. Run make install

Anonymize

If you want to truncate your data above the transport layer:

tcprewrite --mtu=64 --mtu-trunc --infile=traza.pcap --outfile=trazatrunc.pcap

To anonymize the trace (hidding IP addresses) you must run the following command. It will change the IP of your packages by others random:

tcprewrite --seed=423 --infile=traza.pcap --outfile=trazaanon.pcap --skipbroadcast

Note: you can change the seed for another you want.