CRAWDAD tools/sanitize/generic/AnonTool

Citation Author(s):
Institute of Computer Science
E. P.
Institute of Computer Science
European Network and Information Security Agency (ENISA)
Foundation for Research and Technology - Hellas (FORTH)
Submitted by:
Last updated:
Thu, 11/09/2006 - 08:00
Data Format:


AnonTool - an open-source implementation of Anonymization API.

AnonTool, an open-source implementation of the Anonymization API, provides an easy-to-use, flexible and efficient library of functions that can be used to anonymize live traffic or packet traces in libpcap file format. Currently, IP, TCP/UDP, HTTP, FTP and Netflow v5 and v9 are supported. Three ready-to-use applications have been implemented on top of this library: one provides basic anonymization functionality for the IP/TCP/UDP protocols, and two more perform anonymization on every field of a Netflow datagram, one for v5 and one for v9.

File :

anontool-v0.8.tar.gz, API-v0.8.txt

Keyword :

packet trace

License :

* anontool Copyright Notice, License and Disclaimer
* Copyright 2006 by Antonatos Spiros, Koukis Demetres and Foukarakis Michael
* Permission to use, copy, modify, and distribute this software and its
* documentation for any purpose and without fee is hereby granted, provided
* that the above copyright notice appear in all copies and that both the
* copyright notice and this permission notice and warranty disclaimer appear
* in supporting documentation, and that the names of the authors not be used
* in advertising or publicity pertaining to distribution of the software without
* specific, written prior permission.
* The authors disclaim all warranties with regard to this software, including all
* implied warranties of merchantability and fitness.  In no event shall we be liable
* for any special, indirect or consequential damages or any damages whatsoever
* resulting from loss of use, data or profits, whether in an action of contract,
* negligence or other tortious action, arising out of or in connection with the
* use or performance of this software.

Support :

The tool is being maintained by and
Please report any bugs you come across.

Autoconf and automake support are currently on their way.

If you want anonymization for another protocol to be implemented, drop us a line,
we might even consider it. Be informed, however, that the tool was designed with
the thought of new protocols being added constantly in mind, so it follows a simple
modular architecture to allow this, without requiring extensive knowledge of the code.

Build :

-Just make :) (pcap, libnet, pcre libraries needed)

Debian users can do: apt-get install libnet1 libpcre3 libpcap0.8
to install dependencies.
- is the shared library containing the anonymization framework.
-There are 3 anonymization applications provided, in the folder applications/
-Also in the applications/ folder, are included 2 small tcpdump traces for testing
(small_trace -> various TCP traffic, netflow_v9_small -> what it says)

Output :

anonymized network traces

Parameters :

see the usage for details

Usage :

The first of these is a sample application that uses the framework to anonymize TCP and UDP packets.
The tool can anonymize IP addresses, TCP ports, TCP/UDP payload, checksums and IP options, and can print
the packets. The application reads packets from a pcap trace file or from a network interface and dumps the anonymized
packets to a pcap file. Note that the -f or -i option must precede all other options.

./anon_packets [ -f input_file | -i interface ] [-a -t -d -c -z -p -h] output
-c Fix checksums
-z Zero tcp and ip options
-p Print anonymized packets
-h Print this help message


1) Prefix-preserving anonymization for IP addresses, mapping to integers for TCP ports, zero TCP/IP options,
replace TCP/UDP payload with hash and fix checksums. Read packets from pcap file input_file and dump anonymized
packets to pcap file output_file.

./anon_packets -f input_file -c -z -a PREFIX -t MAP -d HASH output_file

2) Map IP addresses to integers, zero TCP/IP options, remove TCP/UDP payload with hash, fix checksums and print
anonymized packets. Read packets from eth0 interface and dump anonymized packets to pcap file output_file.

./anon_packets -i eth0 -p -c -z -a MAP -d STRIP output_file

Usage :

The second and third applications are able to perform anonymization of Netflow datagrams, as exported by a Cisco router. The Netflow
datagram export format is defined in excruciating detail here:  (version 9)      (version 5, amongst others)
Every field that might be included in a Netflow datagram can be anonymized. The application, as probably expected, can read from a pcap
compatible trace file or a live NIC and dump the anonymized packets to a pcap compatible file.
One could as easily feed the file to another NIC through the use of UNIX pipes and tools such as tcpreplay.

Run ./anonymize_netflow_v9 or ./anonymize_netflow_v5 for a message explaining the usage of those 2 applications. Most options
are common with the previous two applications.

Algorithm :

The key point is configurability where the user can define
any anonymization policy as a series of functions that are
applied on packets.  Our main design goal is to facilitate
the development of custom anonymization tools, that are able
to implement both simple and complex policies, in only a few
lines of simple code. The usefulness of the output trace
depends solely on the decisions of the user and the anonymization
policy that is defined and is not addressed in this work.
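
The policy from usage example 1 (PREFIX for addresses, MAP for ports, HASH for payload), written as a series of functions applied to each packet. This is an added illustration in Python, not AnonTool's code or API: all function names are hypothetical, the packets are constructed, and the HMAC-SHA-256 bit-flip construction is an assumed stand-in for a prefix-preserving primitive.

```python
import hashlib
import hmac
import ipaddress

def prefix_preserving(ip: str, key: bytes) -> str:
    """Output bit i = input bit i XOR PRF(key, first i input bits)."""
    addr = int(ipaddress.IPv4Address(ip))
    out = 0
    for i in range(32):
        prefix = addr >> (32 - i)          # the i leading bits (0 when i == 0)
        msg = bytes([i]) + prefix.to_bytes(4, "big")
        flip = hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
        out = (out << 1) | (((addr >> (31 - i)) & 1) ^ flip)
    return str(ipaddress.IPv4Address(out))

class IntMap:
    """MAP-style primitive: each distinct value gets the next integer, from 1."""
    def __init__(self):
        self.table = {}
    def __call__(self, value):
        return self.table.setdefault(value, len(self.table) + 1)

def hash_payload(payload: bytes) -> bytes:
    """HASH-style primitive: replace the payload with its SHA-256 digest."""
    return hashlib.sha256(payload).digest()

def apply_policy(packets, policy):
    """Apply each (field, function) pair of the policy, in order, to every packet."""
    out = []
    for pkt in packets:
        anon = dict(pkt)
        for field, fn in policy:
            anon[field] = fn(anon[field])
        out.append(anon)
    return out

def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

KEY = b"constructed-demo-key"   # constructed; use a random secret in practice
# Constructed sample packets, reduced to the fields the policy touches.
PACKETS = [
    {"src": "10.1.2.3", "dst": "192.0.2.10", "dport": 443, "payload": b"GET / HTTP/1.1"},
    {"src": "10.1.2.77", "dst": "192.0.2.10", "dport": 8080, "payload": b"hello"},
    {"src": "10.9.0.1", "dst": "192.0.2.10", "dport": 443, "payload": b"GET / HTTP/1.1"},
]

def run():
    ip = lambda a: prefix_preserving(a, KEY)
    policy = [("src", ip), ("dst", ip), ("dport", IntMap()), ("payload", hash_payload)]
    return apply_policy(PACKETS, policy)
```

Two addresses that share exactly k leading bits still share exactly k after anonymization, so subnet structure survives in the output trace; whether that leakage is acceptable is a policy decision. The key and the integer mapping table must be protected like the original trace, since either one allows the mapping to be reversed or reproduced.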

The major advantage of our framework is that it works up
to application-level offering a large set of anonymization
primitives and in parallel trying to optimize the necessary
functions.  All in all this work constitutes currently the most
complete framework for anonymization of realtime traffic
and offline traces. Furthermore, the framework is implemented
in a modular way so it is fully extensible in terms
of functionality, protocols and new traffic sources. Finally,
we measured the performance of our anonymization primitives
and their combination. Our results have shown that in
most commonly used policies, AAPI outperforms existing
similar applications, which offer only a subset of the AAPI

For the detailed algorithm, please refer to [koukis-anonymization].
Also, please read the API.txt (linked below) for the API
documentation. It contains all needed fields and functions to develop
your own applications along with source code of a sample application.

The files in this directory are a CRAWDAD toolset hosted by IEEE DataPort. 

About CRAWDAD: the Community Resource for Archiving Wireless Data At Dartmouth is a data resource for the research community interested in wireless networks and mobile computing. 

CRAWDAD was founded at Dartmouth College in 2004, led by Tristan Henderson, David Kotz, and Chris McDonald. CRAWDAD toolsets are hosted by IEEE DataPort as of November 2022. 

Note: Please use the tools in an ethical and responsible way with the aim of doing no harm to any person or entity for the benefit of society at large. Please respect the privacy of any human subjects whose wireless-network activity is captured by the tools and comply with all applicable laws, including without limitation such applicable laws pertaining to the protection of personal information, security of data, and data breaches. Please do not apply, adapt or develop algorithms for the extraction of the true identity of users and other information of a personal nature, which might constitute personally identifiable information or protected health information under any such applicable laws. Do not publish or otherwise disclose to any other person or entity any information that constitutes personally identifiable information or protected health information under any such applicable laws derived from the tools through manual or automated techniques. 

Please acknowledge the source of the tools in any publications or presentations reporting use of these tools.


D. Koukis, Spiros Antonatos, Demetris Antoniades, E. P. Markatos, P. Trimintzios, Michalis Fukarakis, CRAWDAD toolset tools/sanitize/generic/AnonTool (v. 2006‑09‑26), Sep 2006.
