Pcap Sanitizing & Anonymizing
all stacks, all layers

SafePCAP is a universal, scriptable L2-L7 anonymizer, sanitizer, and editor for packet capture (Pcap) files. It allows easy editing of packet capture data at any stack layer while fully preserving packet integrity. A Pcap file sanitized with SafePCAP can be analyzed as easily as the original, but has all the sensitive data fields scrambled.

Hundreds of protocol stacks are supported. Full support for all 3G/LTE 3GPP Mobile Core protocols and interfaces including SS7, RANAP, DIAMETER, and VoLTE.

SafePCAP can be executed from a command line. For example, this is the command to replace IP address values for all packets at all stack layers:

SafePcapCLI.exe input.pcap -find 192.168.104.179 -replacewith 1.1.1.1 -find 192.168.105.49 -replacewith 2.2.2.2 -save output.pcapng

What is SafePCAP good for?

  • Automated anonymization/scrubbing of pcap files
  • Building custom pcap files for firewall validation
  • Building pseudorandom pcap files for stack fuzzing

Key Features
WYSIWYG Packet Editing

Visually edit a captured packet at any stack layer. Obfuscate any field. Add/Delete an optional field of the packet with a click.

Auto Dependencies Calc

Dependencies in the modified data are recalculated automatically. No need to worry about offsets, checksums, encoding, etc.

Total Automation

Automation is supported. To repeat a multi-step editing/scrubbing operation, run each step from a CLI in a batch file.
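What the checksum recalculation described under Auto Dependencies Calc involves for the IP replacement shown in the command above, as an added Python example (not SafePCAP code and not how the product is implemented). It covers only a single IPv4/UDP packet; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def replace_ipv4(packet: bytes, find: str, replace_with: str) -> bytes:
    """Rewrite matching src/dst addresses, then recompute both checksums."""
    pkt = bytearray(packet)
    ihl = (pkt[0] & 0x0F) * 4
    old, new = socket.inet_aton(find), socket.inet_aton(replace_with)
    for off in (12, 16):                      # source, destination address
        if pkt[off:off + 4] == old:
            pkt[off:off + 4] = new
    pkt[10:12] = b"\x00\x00"                  # zero the field before summing
    pkt[10:12] = struct.pack("!H", inet_checksum(bytes(pkt[:ihl])))
    if pkt[9] == 17:                          # UDP checksum also covers the IPs
        udp = pkt[ihl:]                       # copy of the UDP header + payload
        udp[6:8] = b"\x00\x00"
        pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
        csum = inet_checksum(pseudo + bytes(udp)) or 0xFFFF  # 0 means "no checksum"
        pkt[ihl + 6:ihl + 8] = struct.pack("!H", csum)
    return bytes(pkt)

def checksums_ok(packet: bytes) -> bool:
    """Valid data sums to zero when the stored checksum is included."""
    ihl = (packet[0] & 0x0F) * 4
    udp = packet[ihl:]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 17, len(udp))
    return inet_checksum(packet[:ihl]) == 0 and inet_checksum(pseudo + udp) == 0

def build_sample() -> bytes:
    """Constructed IPv4/UDP packet using the addresses from the command above."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 5000, 53, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                      socket.inet_aton("192.168.104.179"),
                      socket.inet_aton("192.168.105.49"))
    # A no-match replace changes no address; it only fills in valid checksums.
    return replace_ipv4(hdr + udp, "0.0.0.0", "0.0.0.0")
```

Overwriting the four address bytes without the recalculation leaves a packet that `checksums_ok` rejects, which is the kind of broken capture an analyzer flags or a receiving stack drops.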

Frequently Asked Questions
What is the difference between SafePCAP and WireEdit?

Both tools are made by Omnipacket. WireEdit is free to download/use for any purpose, while SafePCAP is a commercial product. SafePCAP features and capabilities are a superset of WireEdit features and capabilities. The major advantages of SafePCAP are: pcapng format support, large files (> 2 Gig) support, hundreds of additional protocols supported, fine-grained replace operations, higher speed of execution, programmability, support for CLI, faster bug fixing, and enterprise-level tech support.

What is the difference between SafePCAP and other network traffic anonymizing tools?

Other tools can't anonymize binary encoded stack layers above UDP/TCP. Instead they take a simplistic approach of zeroing them out. This approach is far from ideal for some of the use cases. For example, it makes an effective analysis of anonymized 3GPP Mobile Core Network Pcap files impossible.

The popular opinion on the subject is expressed here. It is indeed difficult to write software which allows editing of all fields at all stack layers without breaking packet integrity. But it's not impossible. SafePCAP supports it today.

What protocols are supported by SafePCAP today?

New protocols are added all the time. Here is a partial list:

IP, Ethernet II, IEEE 802.1Q, IPv4, IPv6, UDP, TCP, SCTP, GRE, TLS, TPKT, VXLAN, NetBIOS, SMB, HTTP, HTTP2, FTP, IMAP, POP3, DNS, NTP, OpenFlow, MODBUS, FIXT, ICMPv4, ICMPv6, IGMP Ver 1, IGMP Ver 2, IGMP Ver 3, TELNET, SSH, DHCP, DHCPv6, ARP, RARP, LLDP, XMPP, LDAP, SNMPv1, SNMPv2c, SNMPv2u, SNMPv3, RSVP, BGP, OSPF, CAPWAP, DTLS, SoupBinTCP, NASDAQ OUCH 4.2, CPE-WAN over SOAP, HNCP, Radiotap, IEEE 802.11, L2TPv2, L2TPv3, 802.3/LLC, Cisco AN, Cisco AN, ESP, ISAKMP, CESoPSN, PPPoE, PPPoE, PPP, PPP LCP, PPP IPCP, PPP PAP, SIP, RTP, RTCP, RFC 2833, CISCO Skinny, MSRP, DIAMETER, H.248.1 v1 Text, H.248.1 v1 BER, H.248.1 v2 Text, H.248.1 v2 BER, H.248.1 v3 Text, H.248.1 v3 BER, Q.931/H.225, MGCP, H.323, H.245, RADIUS, SDP, IMS XML App part, T.38, SCSI, iSCSI, SCSI, MODBUS, Bluetooth, HCI, L2CAP, DNP3, MPEG2 TS, DOCSIS, MTP3b ITU, MTP3 ITU, MTP T&M ITU, BICC ITU, ISUP ITU, SCCP ITU, SCMG ITU, TCAP/INAP-CS1, TCAP/INAP-CS2, TCAP/INCS1-PLUS-C, TUP ITU, TCAP/INAP-CS2-ETSI, TCAP/SINAP6i, TCAP/SINAP7M, MTP2 ANSI, MTP3b ANSI, MTP3 ANSI, MTP T&M ANSI, ISUP ANSI, SCCP ANSI, SCMG ANSI, ISUP China, TUP China, ISDN, QSIG, DPNSS, IUA, M2UA, M3UA, SUA, M2PA, DUA, IUP UK, ISUP UK, ISUP Rus, ISUP Israel, ISUP France, T-ISUP, TCAP/T-INAP, GSM Abis L3, GSM Abis O&M, GSM TRAU 16k, GSM TRAU 8k, GSM TFO, GSM BSSAP, GSM DTAP, GSM BSSMAP, SGsAP, GSM BSSAP-LE, GSM DTAP-LE, GSM BSSMAP-LE, GSM Radio L3, GSM Radio SS, GSM Radio GMM/SM, GSM Radio LCS, GSM RRLP, GSM Radio SM-CP, GSM SM-RP, BSSAP PLUS, GSM LLP, GSM BSSLAP, TCAP/MAP Ph1, TCAP/MAP Ph2, TCAP/MAP R96, TCAP/MAP R97, TCAP/MAP R98, TCAP/MAP R4, TCAP/MAP R7, TCAP/MAP R9, TCAP/CAP1, TCAP/CAP2, TCAP/CAP3, TCAP/CAP4, GSM SM-TP, SMPP, UCP, CIMD, GPRS, GSM Gb NS, GSM BSSGP, GSM Gb LLC, TOM, SNDCP, GTPv1, GTPv0, GTP PRIME, GTPv2-C, RANAP, NBAP, LTE S1AP, LTE NAS, LTE EMM, LTE ESM, LTE X2AP, IuUP, IS-41, TCAP/IS-41-D, TCAP/IS-41-E, CDMA PDS IS-801, CDMA PDS IS-801, CDMA SMS IS-637, SMS EIA-136-710, SMS EIA-136-710, CDMA, CDMA A11, CDMA A1 BSAP, CDMA A1 BSMAP, CDMA A1 DTAP, CDMA A9.