I have several PCAP files which contain network traffic. To perform some experiments for a network experiment, I need real data with completely randomized IP addresses.
I am well aware about the possibilities of tcprewrite, which can be used with the seed parameter like this:
tcprewrite --seed=423 --infile=input.pcap --outfile=output.pcap
According to the document, the sessions between hosts is maintained when using this method. This however does not provide enough randomness for me based on the available dataset. As an example assume a large PCAP file with many packets, which however only contains the traffic between two hosts. Randomizing this trace with the method mentioned above simply replaces both IP addresses with another two. There are still two addresses in total.
I would like to change the IP addresses completely independent from the original IP to be uniformly distributed either among all available IP space or within a given prefix.
As an example, I would like to change all destination addresses in a PCAP file to be uniformly and randomly distributed within the range 10.0.0.0/8, without maintaining the original mapping.
Hence the question is: How to completely randomize IP addresses in a PCAP file?
Ideally I would like to specify the IP range in which the addresses are randomized, so basically: How to set all destination addresses to a random address from the range 10.0.0.0/8?
Best Answer
The Wireshark Wiki lists many options to investigate.
These tools can be used to "anonymize" capture files, replacing fields such as IP addresses with randomized values.
Additionally, a quick google search turned up sanicap on github.