Wireshark-bugs: [Wireshark-bugs] [Bug 8349] Wireshark writes names to NRB that do not appear in
Date: Thu, 04 Apr 2013 19:06:17 +0000

Comment # 8 on bug 8349 from
(In reply to comment #7)
> (In reply to comment #6)
> > > That's too bad. Seems as if there is a need for a new fix, which would
> > > remove any NRB entries for IPs that aren't in the frames being saved to disk.
> > 
> > Why would that be a requirement? I think it my be costly performance wise
> > to match the name resolution table to IP addresses in the capture at save so
> > if it's to be done there has to be a good reason.
> 
> Two reasons: Privacy and Confidentiality.
> 
> Let's say a user need to share a capture file containing a single packet in
> order to get help with some troubleshooting. He captures traffic on his LAN
> and filters out a single packet, which is saved to a new pcapng-file. This
> PcapNG-file can, however, still contain several NRB entries for hosts that
> the user didn't wanna reveal.
> 
> Here is a real-world example, where I was able to reveal the identity of an
> "anonymous" user who had sniffed traffic from the Great Firewall of China:
> 
> http://www.netresec.com/?page=Blog&month=2013-02&post=Forensics-of-Chinese-
> MITM-on-GitHub

For Privacy and Confidentiality Writing NO NRB might be a better soulution...


You are receiving this mail because:
  • You are watching all bug changes.