nfanon is used to anonymise all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x.
See http://www.cc.gatech.edu/computing/Telecomm/cryptopan/ for more information about CryptoPAn.
nfanon has several modes of operation.
o nfanon reads a sequence of input files, specified by -r, -R and -M and anonymises the flows in the given files. The input file arguments have the same syntax and meaning as nfdump(1).
o nfanon reads a sequence of input files, specified by -r, -R and -M. All anonymised flows are written to a single file specified by -w.
o nfanon works as filter and reads flows from stding and writes the anonymised flows to stdout.
- -r inputfile
Read input data from inputfile. Default is read from stdin.
- -R expr
Read input from a sequence of files in the same directory. expr may be one of:
/any/dir Read recursively all files in directory dir.
/dir/file Read all files beginning with file.
/dir/file1:file2 Read all files from file1 to file2.
Note: files are read in alphabetical sequence.
- -M expr
Read input from multiple directories. expr looks like: /any/path/to/dir1:dir2:dir3 etc. and will be expanded to the directories: /any/path/to/dir1, /any/path/to/dir2 and /any/path/to/dir3 Any number of colon separated directories may be given. The files to read are specified by -r or -R and are expected to exist in all the given directories. The options -r and -R must not contain any directory part when used in conjunction with -M.
- -w outputfile
If specified writes anonymised netflow records to outputfile.
- -K key
The key is used to initialize the Rijndael cipher. key is either a 32 character string, or a 64 hex digit string starting with 0x.
0 No error.
255 Initialization failed.
250 Internal error.