Free online PCAP Anonymizer

Obfuscate your Wireshark PCAP captures

free online pcap anonymize

Make any Wireshark capture GDPR / LGPD compliant

For processing Wireshark captures without any limit,

download and install the tool on your PC

Anonymize your Layer 2 ethernet data:

  • anonymize ethernet addresses
    • Note: we do anonymize ANY ethernet address which is known in Wireshark as Field Type Ethernet Address, independent on which layer it occurs

Anonymize your Layer 3 IPv4 data:

  • anonymize the IP addresses
  • set default IPv4 TTL value
  • recalculate IPv4 header checksum
    • Note: we do anonymize ANY IPv4 address which is known in Wireshark as Field Type IPv4, independent on which layer it occurs

Anonymize your Layer 7 data:

  • We do anonymize fully automatic sensitive info in following protocols (in alfabetical order):
    • a11, ansi_map, arp, browser, capwap, cdp, cflow, dcerpc, dhcp, dhcpv6, diameter, dns, dtp, e164, e212, eap, eth, ftp, ftp-data, gsm_a, gsm_map, gsm-r-uus1, gsm_sms, gsm_sms_ud, gtp, gtpv2, hsrp, hsrp2, http, http2, icmpv6, imap, imei, imf, imsi, inap, ip, ipcp, ipv6, ipx, isup, kerberos, lacp, ldap, ldp, llc, lldp, lsarpc, mgcp, msisdn, mqtt, nbdgm, nbns, netbios, netlogon, ntp, ntlmssp, ospf, pap, pop, pppoed, gquic, quic, radius, ranap, rip, rtcp, rtp, rtpevent, sccp, sctp, sdp, sip, sll, smb, smb2, smtp, snmp, stp, syslog, telnet, tftp, tls, tns, udld, uma, vnc, vrrp, vtp, whois, wlan, x509ce

Anonymize any other protocol?

Do you want any other protocol or parameter to be anonymized? Just send us an email.

In principle, we can anonymize any protocol any parameter and any flow easily.

Generating GDPR compliant Wireshark captures

We can generate GDPR compliant Wireshark captures: we can make any wireshark capture "anonymous". This means we can generate based on an existing Wireshark capture a new wireshark capture where all customer IP addresses are replaced by unique 10.x.x.x IP addresses. This way, no customer details are visible anymore.

We can also overwrite specific data inside wireshark packets with e.g. "xxx". 

Anonymize your VoIP Wireshark captures

Lets face it: a Wireshark VoIP capture contains a lot of personal data. Phone numbers, names, who is calling who, IP addresses, (hashed) digest passwords and if RTP is present it contains even the full voice stream of what was said during a phone call. Sensitive information that you don't want to pass to any third party. 

However, if you face any VoIP issues, the helpdesk of your external partner will ask for such Wireshark captures. 

Many customer fear to share so much personal and company sensitive information with third parties.

What if you could convert your existing wireshark capture to a wireshark capture that still contains all SIP messages, errors, warnings, flows etc, but where the sensitive info was by some magic replaced?

If that sounds like heaven to you, then the VoIP AnalyzerTool will fit you like a glove.

We support following: 

  • hashed digest passwords responses are overwritten with xxx
  • user names are overwitten with xxx
  • phone numbers are overwritten with xxx
  • customer IP addresses are overwritten with with a unique 10.x.x.x value
  • RTP voice is overwritten with a new anonymous voice sample
anonymize Wireshark

 

Anonymize RTP voice packets

The VoIP Analyzer Tool can anonymize RTP speech packets inside a wireshark file

  • RTP headers are not changed, only the speech samples are replaced
  • RTP packet drop, jitter, delay etc is still exact the same as inside the original RTP packets

 

EU: General Data Protection Regulation - GDPR compliant Wireshark captures

Brazil: Lei Geral de Proteção de Dados - LGPD compliant Wireshark captures

The GDPR regulation states that personal data cannot be shared with 3rd parties just like that. Simular for the LGDP regulation.

Privacy issues will arise when you want to share a Wireshark capture with a 3rd party e.g. to receive support on any VoIP or network issue.

With the VoIP Analyzer Tool you can make any Wireshark VoIP trace anonymous, while the original SIP message types, the timing, the flow etc is still unchanged. The only thing that is overwritten automatically are the personal data like phone numbers, names, IP addresses etc.

 

Before and after anonymizing

The SIP INVITE in the original Wireshark capture :

SIP not gdpr

The SIP INVITE in the anonymized Wireshark capture :

SIP anonymous

See here which output the VoIP Analyzer Tool generates:

Download here the VoIP Analyzer Tool. Free trial for 30 days.

30 days free trial

Some questions? Visit our online help.

Note: making pcaps anonymous is sometimes also "obfuscate" called.

For news and updates follow us on LinkedIn  logo