table of contents
| NFANON(1) | General Commands Manual | NFANON(1) | 
NAME¶
nfanon — anonymize
    the IP addresses
SYNOPSIS¶
| nfanon | -rpath
      [-wnffile]-Kkey
      [-q] [-h] | 
DESCRIPTION¶
nfanon anonimizes all IP addresses ( src,
    dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn
    (Cryptography-based Prefix-preserving Anonymization) module. The key -K is
    used to initialize the Rijndael cipher. The key is either a 32 character
    string, or a 64 hex digit string starting with 0x. See
    https://en.wikipedia.org/wiki/Crypto-PAn for more information on
  CryptoPAn.
The source specified by argument -r
    path may point to a single nfdump file or to a
    directory containing many nfdump files. All files in a directory are
    processed recursively.
If the output argument -w
    nffile is given, all anonimized records are written
    into that single file, even if the source is a directory. If no argument
    -w is specified, nfanon
    overwrites the original source file with the anonymized flow records. If the
    source is a directory, each flow file is anonymized respectively.
The options are as follows:
- -rpath
- Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.
- [-wnffile]
- File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.
- -kkey
- key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.
- -q
- nfanonprints the file name to be processed and an actifivy spinner. This option disables both.
- -h
- Print help text to stdout and exit.
EXAMPLES¶
To create a random 64 character hex string you may use the following command:
% xxd -u -l 32 -p -c 64
  /dev/urandomRETURN VALUES¶
nfanon returns 0 on success and 255
    otherwise.
SEE ALSO¶
| August 16, 2025 | Debian |