Getting Started

Introduction Registration Capture PCAPs Anonymize PCAPs Upload Feature comparision

PCAP Browser

Overview Search Mass Actions Basic Information Connection view Comments Tags DNS View Indices Capture Point Visualization

Indexing

Defaut Indexer Reindexing Settings

Analyze

Overview Packet List Filter Bar Decode Hex View Explain Field Edit PCAP Graph View Statistics Decryption

Settings

Overview Profile Indexer Roles Tags

Account Management

Profile Deletion

Help

Application errors

Encyclopedia

Initial Round Trip Time Server Name Indication Packet Slicing PCAPng

How to anonymize a PCAP

If your PCAP contains sensitive information we recommend that you anonymize it before uploading

PCAPs may contain sensitive information that you might not want to expose to a shared environment. We recommend that you anonymize all trace files that contain personal information with Trace Wrangler before uploading. You can find a good tutorial here The Wireshark Q&A trace file sharing tutorial.

Tracewrangler can anonymize packets until layer 4 (UDP/TCP/ICMP/ICMPv6). If your PCAPs contain sensitive data in Layer 7 protocols (HTTP, SMTP, SMB, etc) we recommend you to use packet slicing to remove the data payload from the packets before uploading the trace files.