TraceWrangler
TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark.
Cost / License
- Free
- Open Source
Platforms
- Windows
Features
Properties
- Privacy focused
TraceWrangler News & Activities
Recent activities
- POX added TraceWrangler as alternative to Packémon
TraceWrangler information
Developed by
Jasper BongertzLicensing
Open Source and Free product.Alternatives
3 alternatives listedSupported Languages
- English
What is TraceWrangler?
TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark. The most prominent use case for TraceWrangler is the easy sanitization and anonymization of PCAP and PCAPng files (sometimes called "trace files", "capture files" or "packet captures"), removing or replacing sensitive data while being easy to use.
TraceWrangler generally works on a list of files. It doesn't matter if there's only one file in the list or hundreds. A couple of things can be performed using the pop up menu of the file list, but most things require creating a task and configuring its actions.
This is the list of protocols and layers TraceWrangler currently supports when sanitizing files:
Ethernet VLAN tags ARP/RARP Tunneling: AYIYA, GRE, GTP-U, VXLAN, Geneve (most are just passed through) IPv4 IPv6, including Fragmentation Headers (more Extension Headers to come at a later time) TCP UDP ICMPv4 ICMPv6 DHCPv4 NetFlow v5 HSRP RTPS
If a protocol is not supported, TraceWrangler will do one of two things, depending on the payload settings you define on the General Settings section:
- keep the unknown protocol intact, which may expose sensitive data
- truncate the frame at the offset where the unknown protocol starts