• View
• Edit
• History
• Print

In the tcpdump data collected at Dartmouth College, we anonymize both the MAC and IP addresses. After anonymizing these addresses, we rewrite the IP, TCP and/or UDP checksums as appropriate, since these are calculated using the MAC and IP addresses. We also remove any data payload beyond the TCP or UDP header that may have been inadvertently captured during the sniffing process. (Our sniffers use the tcpdump software to capture the first 68 bytes of each Ethernet packet that they see. This is sufficient to capture up to the TCP or UDP header of each packet. Headers may vary in length, however, and so for some packets with short headers, we may inadvertently capture some data payload. It is impractical to remove this payload during the capture process, and so it is removed during anonymization.)