NAME

nfanon - netflow anonymisation

SYNOPSIS

nfanon [options]

DESCRIPTION

nfanon is used to anonymise all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x.

nfanon has several modes of operation.

o nfanon reads a sequence of input files, specified by -r, -R and -M and anonymises the flows in the given files. The input file arguments have the same syntax and meaning as nfdump(1).

o nfanon reads a sequence of input files, specified by -r, -R and -M. All anonymised flows are written to a single file specified by -w.

o nfanon works as filter and reads flows from stding and writes the anonymised flows to stdout.

OPTIONS

-r inputfile

Read input data from inputfile. Default is read from stdin.

-R expr

Read input from a sequence of files in the same directory. expr may be one of:

-M expr

Read input from multiple directories. expr looks like: /any/path/to/dir1:dir2:dir3 etc. and will be expanded to the directories: /any/path/to/dir1, /any/path/to/dir2 and /any/path/to/dir3 Any number of colon separated directories may be given. The files to read are specified by -r or -R and are expected to exist in all the given directories. The options -r and -R must not contain any directory part when used in conjunction with -M.

-w outputfile

If specified writes anonymised netflow records to outputfile.

-K key

The key is used to initialize the Rijndael cipher. key is either a 32 character string, or a 64 hex digit string starting with 0x.

RETURN VALUE

Returns

NOTES

None.

SEE ALSO

nfdump(1)

BUGS