Hello all,
I have used the nfanon tool to do some IP anonymisation but it seems that some
data get corrupted. I have looked around for possible answers but did not find
anything (a few similar questions). In my case
the original netflow entry looks like this:

    Date first seen          Duration Proto  Src IP Addr:Port      Dst IP Addr:Port     Packets  Bytes  Flows
    2013-12-01 00:03:05.512     0.000 UDP    192.168.1.105:0   ->  192.168.1.255:0            1    229      1
    2013-12-01 00:03:05.512     0.000 UDP    192.168.1.105:0   ->  192.168.1.255:0            1    229      1
    2013-12-01 00:06:02.630     0.000 UDP    192.168.1.147:0   ->  192.168.1.255:0            1    229      1

and the anonymised like this:

    2013-12-01 00:03:05.512     0.000 UDP    0.0.0.0:0         ->  216.167.177.145:0      3.6 G      1      1
    2013-12-01 00:03:05.512     0.000 UDP    0.0.0.0:0         ->  216.167.177.145:0      3.6 G      1      1
    2013-12-01 00:06:02.630     0.000 UDP    0.0.0.0:0         ->  216.167.177.115:0      3.6 G      1      1

In summary, the Destination address does not map consistently to a specific
anonymised IP address, and the Packets and Bytes get messed up.
Has anyone else noticed such behaviour?
To read the original and anonymised captured files I used:

    nfdump -r nfcapd.201312010005

To anonymise I used:

    sudo nfanon -r nfcapd.201312010005 -K <a 32 character string>

Thanks a lot for any direction / advice!
_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
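
A check for the symptoms described in the post, as an added example that is not part of the original message or of nfdump: it compares the text output of `nfdump -r` for the original and the anonymised file and lists every column other than the addresses that changed, plus any address mapping that is not one-to-one. Assumptions: IPv4 rows only, record order is the same in both files, and `parse` and `compare` are hypothetical names.

```python
import re
from collections import defaultdict

# One flow row of nfdump's default text output (IPv4 only in this sketch).
ROW = re.compile(
    r"^\s*(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<dur>[\d.]+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):\S+\s+->\s+(?P<dst>[\d.]+):\S+\s+"
    r"(?P<pkts>[\d.]+(?: [KMGT])?)\s+(?P<bytes>[\d.]+(?: [KMGT])?)\s+(?P<flows>\d+)\s*$"
)

def parse(text):
    """Return one dict per flow row, skipping headers and summary lines."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def compare(original, anonymised):
    """Pair rows by position (assumes record order is preserved) and list problems."""
    orig, anon = parse(original), parse(anonymised)
    findings = []
    if len(orig) != len(anon):
        findings.append(f"row count differs: {len(orig)} vs {len(anon)}")
    forward, reverse = defaultdict(set), defaultdict(set)
    for n, (o, a) in enumerate(zip(orig, anon), 1):
        for side in ("src", "dst"):
            forward[o[side]].add(a[side])
            reverse[a[side]].add(o[side])
        # Only addresses should change; every other column must survive as-is.
        for field in ("ts", "dur", "proto", "pkts", "bytes", "flows"):
            if o[field] != a[field]:
                findings.append(f"row {n}: {field} {o[field]!r} -> {a[field]!r}")
    for ip, out in sorted(forward.items()):
        if len(out) > 1:
            findings.append(f"{ip} maps to several addresses: {sorted(out)}")
    for ip, src in sorted(reverse.items()):
        if len(src) > 1:
            findings.append(f"{sorted(src)} all map to {ip}")
    return findings

# Rows taken from the post above (header line omitted).
ORIGINAL = """\
2013-12-01 00:03:05.512 0.000 UDP 192.168.1.105:0 -> 192.168.1.255:0 1 229 1
2013-12-01 00:03:05.512 0.000 UDP 192.168.1.105:0 -> 192.168.1.255:0 1 229 1
2013-12-01 00:06:02.630 0.000 UDP 192.168.1.147:0 -> 192.168.1.255:0 1 229 1
"""
ANONYMISED = """\
2013-12-01 00:03:05.512 0.000 UDP 0.0.0.0:0 -> 216.167.177.145:0 3.6 G 1 1
2013-12-01 00:03:05.512 0.000 UDP 0.0.0.0:0 -> 216.167.177.145:0 3.6 G 1 1
2013-12-01 00:06:02.630 0.000 UDP 0.0.0.0:0 -> 216.167.177.115:0 3.6 G 1 1
"""

if __name__ == "__main__":
    print("\n".join(compare(ORIGINAL, ANONYMISED)))
```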