nfanon - Man Page

nfanon anonimizes all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x. See https://en.wikipedia.org/wiki/Crypto-PAn for more information on CryptoPAn.

The source specified by argument -r path may point to a single nfdump file or to a directory containing many nfdump files. All files in a directory are processed recursively.

If the output argument -w nffile is given, all anonimized records are written into that single file, even if the source is a directory. If no argument -w is specified, nfanon overwrites the original source file with the anonymized flow records. If the source is a directory, each flow file is anonymized respectively.

The options are as follows:

-r path

Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.

[-w nffile]

File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.

-k key

key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.

-q

nfanon prints the file name to be processed and an actifivy spinner. This option disables both.

-h

Print help text to stdout and exit.

To create a random 64 character hex string you may use the following command:

% xxd -u -l 32 -p -c 64 /dev/urandom

Use the resulting output as key, prepended with 0x as -K argument.

nfanon returns 0 on success and 255 otherwise.

nfdump(1)