nfanon - Man Page

anonymize the IP addresses


nfanon-r path [-w nffile] -K key [-q] [-h]


nfanon anonimizes all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x. See for more information on CryptoPAn.

The source specified by argument -r path may point to a single nfdump file or to a directory containing many nfdump files. All files in a directory are processed recursively.

If the output argument -w nffile is given, all anonimized records are written into that single file, even if the source is a directory. If no argument -w is specified, nfanon overwrites the original source file with the anonymized flow records. If the source is a directory, each flow file is anonymized respectively.

The options are as follows:

-r path

Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.

[-w nffile]

File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.

-k key

key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.


nfanon prints the file name to be processed and an actifivy spinner. This option disables both.


Print help text to stdout and exit.


To create a random 64 character hex string you may use the following command:

% xxd -u -l 32 -p -c 64 /dev/urandom

Use the resulting output as key, prepended with 0x as -K argument.

Return Values

nfanon returns 0 on success and 255 otherwise.

See Also



August 5, 2023