GDPR Compliance for your Pcap files
all stacks, all layers

SafePCAP is a scriptable L2-L7 Pcap anonymizer, sanitizer, scrambler, universal full-stack editor and a GDPR Compliance Solution. SafePCAP allows for easy editing of Pcap data in situ at any stack layer while fully preserving the data binary integrity. Data modifications are done in a break-proof manner with the lengths, checksums, offsets and all other service fields auto-recalculated for all affected protocol layers. A file sanitized with SafePcap allows for effective forensic analysis with commonly used Pcap analysis tools like Wireshark™. Automation is fully supported via SafePCAP CLI.

Hundreds of protocol stacks are supported. Full support for all 3G/LTE 3GPP Mobile Core protocols and interfaces including SS7, RANAP, DIAMETER, and VoLTE. For example, the following command scrambles IMSI values by replacing MCC (Mobile Country Code) prefix 262 for Germany with the one for US (310) using a simple RegEx:


SafePCAP is a GDPR compliance solution for Pcap files

Key Features
WYSIWYG Packet Editing

Visually edit a captured packet at any stack layer. Obfuscate any field. Add/Delete an optional field of the packet with a click.

Auto Anonymization

Pre-programmed anonymization commands. With a few clicks obfuscate IP addresses at all layers (L2-L4), phone and IMSI numbers, texts, email addresses, etc.

Custom Data Obfuscation

Use a RegEx to target specific data at a specific field of a specific protocol layer for editing/obfuscation. Easily create custom obfuscation functions.

Auto Dependencies ReCalc

Dependencies in the modified data are recalculated automatically. No worry about offsets, checksums, encoding, etc.

Total Automation

Automation is supported. To repeat a multi-step editing/scrubbing operation, run each step from a CLI in a batch file.

Frequently Asked Questions
What problem is SafePCAP trying to address? What does it have to do with GDPR?

A Packet Capture (Pcap) file is "bits on the wire" -- a time-stamped collection of packet binaries captured in a network. Easy sharing of Pcap files is essential for development, monitoring, and troubleshooting of computer networks. Unfortunately, the proprietary data often present in the files makes sharing "as is" problematic. The files have to be sanitized first.

Selectively scrambling data in the captured network traffic while preserving the overall binary integrity of the data is hard due to the number and variety of the protocols involved and the complexity of packets' intra and inter-dependencies. The problem is especially acute for Mobile Network Operators as the Pcap files captured in a Mobile Packet Core contain personal data such as text messages, phone numbers, IMSIs, etc.

In the absence of the capability to selectively obfuscate the Pcap data "in place" while leaving the integrity of the data intact, the sharing problem has been addressed by having NDAs between the parties involved. With no NDA in place, the popular option is to dump the decoded Pcap file into text, obfuscate the sensitive parts there, and share the resulting text file. Another approach is to zero out the packet data above TCP/UDP. The downside of both approaches is a loss of information about the binary structure of the data. This often makes effective analysis of the shared data impossible.

The arrival of GDPR has made sharing of Pcap files even more problematic. The NDA is no longer enough. Personal data could no longer be shared across national borders. This presents an additional challenge to multinational companies, as the Pcap files could not be freely shared within the company boundaries. SafePcap is built to address these problems.

What is GDPR?

GDPR stands for General Data Protection Regulation. It's a new EU consumer data protection law. More about GDPR here...

What's the difference between SafePCAP and WireEdit?

Both tools are created by Omnipacket. WireEdit is a demo Desktop application available for a free download. It has limitations and isn't intended for a production environment. Use WireEdit at your own risk.

SafePCAP is an enterprise-level commercial product. Its features and capabilities are a superset of WireEdit features and capabilities. The major additional SafePCAP features/capabilities are: pcapng format support, native builds for Linux and OSX, support for large files (> 2 Gig), hundreds of additional protocols, fine-grained replace operations, higher speed of execution, GDPR Compliance algorithms, support for Command Line Interface, enterprise-level support.

What data is considered sensitive in Pcap files?

IP addresses, port numbers, phone numbers, IMSI numbers, email addresses, passwords, texts, HTTP headers, etc. In fact, data at any stack layer could be considered sensitive in some use cases. SafePcap allows anonymizing data of any type at any stack layer of captured network packets while fully preserving the packets' binary integrity. Specific values in specifically named data fields at a specific network stack layer could be precisely targeted for bulk anonymization.
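What a targeted, integrity-preserving field edit involves, as an added Python example (not SafePCAP code or its CLI): the MCC prefix of an IMSI is rewritten with a RegEx inside a GTPv2-C IMSI IE and the UDP checksum is recalculated. It assumes IPv4/UDP transport and a known IE offset; the function names and the sample datagram are constructed for illustration.

```python
import re
import struct

def tbcd_decode(raw: bytes) -> str:
    """TBCD: two digits per octet, low nibble first; 0xF is the filler nibble."""
    nibbles = [n for b in raw for n in (b & 0x0F, b >> 4)]
    return "".join(str(n) for n in nibbles if n != 0x0F)

def tbcd_encode(digits: str) -> bytes:
    if len(digits) % 2:
        digits += "f"  # pad an odd digit count with the filler nibble
    return bytes(int(digits[i + 1] + digits[i], 16) for i in range(0, len(digits), 2))

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the datagram, checksum field zeroed."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp))
    return inet_checksum(pseudo + udp[:6] + b"\x00\x00" + udp[8:]) or 0xFFFF

def rewrite_imsi(udp: bytes, src_ip: bytes, dst_ip: bytes, ie_off: int,
                 pattern: str, repl: str) -> bytes:
    """Regex-edit the IMSI IE (GTPv2-C type 1) at ie_off, then fix the UDP checksum."""
    ie_type, ie_len = struct.unpack_from("!BH", udp, ie_off)
    if ie_type != 1:
        raise ValueError("no IMSI IE at this offset")
    start = ie_off + 4  # skip type, length, spare/instance
    imsi = re.sub(pattern, repl, tbcd_decode(udp[start:start + ie_len]))
    value = tbcd_encode(imsi)
    if len(value) != ie_len:
        raise ValueError("length changed: IE, GTP and UDP lengths would need updating")
    out = bytearray(udp)
    out[start:start + ie_len] = value
    struct.pack_into("!H", out, 6, udp_checksum(src_ip, dst_ip, bytes(out)))
    return bytes(out)

# Constructed sample: UDP/2123 carrying a GTPv2-C Create Session Request with one IMSI IE.
SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
IMSI_IE = struct.pack("!BHB", 1, 8, 0) + tbcd_encode("262011234567890")
GTP = struct.pack("!BBHI", 0x48, 32, 8 + len(IMSI_IE), 0) + bytes([0, 0, 1, 0]) + IMSI_IE
SAMPLE = struct.pack("!HHHH", 2123, 2123, 8 + len(GTP), 0) + GTP
SAMPLE = SAMPLE[:6] + struct.pack("!H", udp_checksum(SRC, DST, SAMPLE)) + SAMPLE[8:]
SAFE = rewrite_imsi(SAMPLE, SRC, DST, 20, r"^262", "310")
```

Because the replacement keeps the digit count, only the checksum changes; an edit that altered the length would also have to update the IE, GTP, UDP and IP length fields, which this example rejects rather than attempts.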

What is the difference between SafePCAP and other packet editing tools?

One could think of SafePCAP as a Microsoft Word™ for network packets. All other packet editing tools are very limited in their ability to edit binary encoded stack layers above TCP/UDP without breaking packets' integrity. SafePCAP is a full-stack packet editor by design.

What is the difference between SafePCAP and other Pcap anonymizers?

Other tools can't anonymize binary encoded stack layers above UDP/TCP. Instead, they take a simplistic approach of zeroing them out. This approach is far from ideal for many use cases. For example, it makes an effective analysis of anonymized 3GPP Mobile Core Pcap files impossible.

A popular opinion on the subject is expressed here. Our response is here. SafePcap by design allows editing/obfuscation of any field at any stack layer above TCP/UDP without breaking packets' binary integrity.

What language is SafePCAP written in?

Highly optimized C++. One needs every cycle to process large Pcap files.

Do you support editing/anonymization of ASN.1 based protocol layers?

Yes, absolutely! Watch this short video: Editing GSM Mobile Application Part.

Are there *any* limitations on what network protocols could be supported by SafePcap?

No, provided we have the specs.

What protocols are supported by SafePCAP today?

New protocols are added all the time. Here is a partial list:

IP, Ethernet II, IEEE 802.1Q, IPv4, IPv6, UDP, TCP, SCTP, GRE, TLS, TPKT, VXLAN, NetBIOS, SMB, HTTP, HTTP2, FTP, IMAP, POP3, DNS, NTP, OpenFlow, MODBUS, FIXT, ICMPv4, ICMPv6, IGMP Ver 1, IGMP Ver 2, IGMP Ver 3, TELNET, SSH, DHCP, DHCPv6, ARP, RARP, LLDP, XMPP, LDAP, SNMPv1, SNMPv2c, SNMPv2u, SNMPv3, RSVP, BGP, OSPF, CAPWAP, DTLS, SoupBinTCP, NASDAQ OUCH 4.2, CPE-WAN over SOAP, HNCP, Radiotap, IEEE 802.11, L2TPv2, L2TPv3, 802.3/LLC, Cisco AN, Cisco AN, ESP, ISAKMP, CESoPSN, PPPoE, PPPoE, PPP, PPP LCP, PPP IPCP, PPP PAP, SIP, RTP, RTCP, RFC 2833, CISCO Skinny, MSRP, DIAMETER, H.248.1 v1 Text, H.248.1 v1 BER, H.248.1 v2 Text, H.248.1 v2 BER, H.248.1 v3 Text, H.248.1 v3 BER, Q.931/H.225, MGCP, H.323, H.245, RADIUS, SDP, IMS XML App part, T.38, SCSI, iSCSI, SCSI, MODBUS, Bluetooth, HCI, L2CAP, DNP3, MPEG2 TS, DOCSIS, MTP3b ITU, MTP3 ITU, MTP T&M ITU, BICC ITU, ISUP ITU, SCCP ITU, SCMG ITU, TCAP/INAP-CS1, TCAP/INAP-CS2, TCAP/INCS1-PLUS-C, TUP ITU, TCAP/INAP-CS2-ETSI, TCAP/SINAP6i, TCAP/SINAP7M, MTP2 ANSI, MTP3b ANSI, MTP3 ANSI, MTP T&M ANSI, ISUP ANSI, SCCP ANSI, SCMG ANSI, ISUP China, TUP China, ISDN, QSIG, DPNSS, IUA, M2UA, M3UA, SUA, M2PA, DUA, IUP UK, ISUP UK, ISUP Rus, ISUP Israel, ISUP France, T-ISUP, TCAP/T-INAP, GSM Abis L3, GSM Abis O&M, GSM TRAU 16k, GSM TRAU 8k, GSM TFO, GSM BSSAP, GSM DTAP, GSM BSSMAP, SGsAP, GSM BSSAP-LE, GSM DTAP-LE, GSM BSSMAP-LE, GSM Radio L3, GSM Radio SS, GSM Radio GMM/SM, GSM Radio LCS, GSM RRLP, GSM Radio SM-CP, GSM SM-RP, BSSAP PLUS, GSM LLP, GSM BSSLAP, TCAP/MAP Ph1, TCAP/MAP Ph2, TCAP/MAP R96, TCAP/MAP R97, TCAP/MAP R98, TCAP/MAP R4, TCAP/MAP R7, TCAP/MAP R9, TCAP/CAP1, TCAP/CAP2, TCAP/CAP3, TCAP/CAP4, GSM SM-TP, SMPP, UCP, CIMD, GPRS, GSM Gb NS, GSM BSSGP, GSM Gb LLC, TOM, SNDCP, GTPv1, GTPv0, GTP PRIME, GTPv2-C, RANAP, NBAP, LTE S1AP, LTE NAS, LTE EMM, LTE ESM, LTE X2AP, IuUP, IS-41, TCAP/IS-41-D, TCAP/IS-41-E, CDMA PDS IS-801, CDMA PDS IS-801, CDMA SMS IS-637, SMS EIA-136-710, SMS EIA-136-710, CDMA, CDMA A11, CDMA A1 BSAP, CDMA A1 BSMAP, CDMA A1 DTAP, CDMA A9.