
Sample netflow anonymisation script

In this post you will find a simple script I once used to anonymise netflow data.

The script uses the nfanon command, which is one of the nfdump tools.

nfanon anonymises all IP addresses (src, dst, next hop, router IP, etc.) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module.

nfanon man page
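To show what "prefix-preserving" means in practice, here is an added example (not code from the original post or from nfdump) that implements the bit-by-bit construction in Python. It assumes HMAC-SHA256 as the keyed function in place of the Rijndael cipher nfanon uses, so its output will not match nfanon's; the function names, key and addresses are constructed for the illustration.

```python
import hashlib
import hmac
import ipaddress


def _prf_bit(key: bytes, prefix_bits: str) -> int:
    """One pseudorandom bit derived from the key and the bits seen so far."""
    # Assumption: HMAC-SHA256 stands in for the Rijndael-based function
    # of real Crypto-PAn; only the structure of the scheme is the same.
    digest = hmac.new(key, prefix_bits.encode(), hashlib.sha256).digest()
    return digest[0] >> 7


def anonymise(key: bytes, addr: str) -> str:
    """Prefix-preserving anonymisation of one IPv4 address."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = 0
    for i in range(32):
        # Bit i is flipped depending only on bits 0..i-1, so two addresses
        # sharing a k-bit prefix get identical flips for their first k bits
        # and still differ at bit k.
        out = (out << 1) | (int(bits[i]) ^ _prf_bit(key, bits[:i]))
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


# Constructed sample data: documentation addresses and a throwaway key.
SAMPLE_KEY = b"constructed-demo-key-not-secret!"
SAMPLE_ADDRS = ["192.0.2.10", "192.0.2.77", "192.0.3.1", "198.51.100.5"]

if __name__ == "__main__":
    anon = {a: anonymise(SAMPLE_KEY, a) for a in SAMPLE_ADDRS}
    for a, b in zip(SAMPLE_ADDRS, SAMPLE_ADDRS[1:]):
        print(f"{a} / {b}: {common_prefix_len(a, b)} shared bits -> "
              f"{anon[a]} / {anon[b]}: "
              f"{common_prefix_len(anon[a], anon[b])} shared bits")
```

The mapping is deterministic for a given key, so the same key has to be reused to keep addresses consistent across flow files, and anyone who holds the key can reproduce the mapping.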

You may find the netflow anonymisation script below.

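#!/usr/bin/env bash
# Specify directory of the flow to be anonymised, 3 examples below.
# Select yesterday's flow
# YESTERDAY=$(date -d '1 day ago' +'%Y/%m/%d')
# FILE_DIR=/data/nfsen/profiles-data/live/upstream1/$YESTERDAY/*
# Select a specific date
# (The remaining assignments are missing from this copy of the script,
# so each value below must be supplied through the environment.)
FILE_DIR=${FILE_DIR:?set FILE_DIR to a glob matching the flow files}

# Specify output directory (include the trailing slash)
OUTPUT_DIR=${OUTPUT_DIR:?set OUTPUT_DIR to the output directory}

# Specify log file
LOG_FILE=${LOG_FILE:?set LOG_FILE to the log file path}

# The KEY is used to initialize the Rijndael cipher. KEY is either a 32
# character string, or a 64 hex digit string starting with 0x.
KEY=${KEY:?set KEY to the anonymisation key}

# Execute nfanon command with the predefined arguments over all flow files.
# FILE_DIR is left unquoted on purpose so that the glob expands.
for f in $FILE_DIR
do
    FILENAME=$(basename "$f")
    /usr/bin/nfanon -K "$KEY" -r "$f" -w "$OUTPUT_DIR$FILENAME" >> "$LOG_FILE"
done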


Hope it works for you as well.


  1. This is a very nice script, but have you checked whether nfanon works correctly? In my case it messes up Packets and Bytes entries among other things, making it unusable. Using nfdump: Version: 1.6.13