Which nfdump version are you using? Can you provide me a sample nfcapd file off list please? Privacy is of course guaranteed.
- Peter

On 09.03.16 13:08, Costas Kyr wrote:
> Hello all,
> I have used the nfanon tool to do some IP anonymisation but it seems that
> some data get corrupted. I have looked around for possible answers but did
> not find anything (a few similar questions). In my case
> the original netflow entry looks like this:
>
> Date first seen          Duration Proto  Src IP Addr:Port      Dst IP Addr:Port      Packets  Bytes  Flows
> 2013-12-01 00:03:05.512  0.000    UDP    192.168.1.105:0  ->   192.168.1.255:0       1        229    1
> 2013-12-01 00:03:05.512  0.000    UDP    192.168.1.105:0  ->   192.168.1.255:0       1        229    1
> 2013-12-01 00:06:02.630  0.000    UDP    192.168.1.147:0  ->   192.168.1.255:0       1        229    1
>
> and the anonymised like this:
>
> 2013-12-01 00:03:05.512  0.000    UDP    0.0.0.0:0        ->   216.167.177.145:0     3.6 G    1      1
> 2013-12-01 00:03:05.512  0.000    UDP    0.0.0.0:0        ->   216.167.177.145:0     3.6 G    1      1
> 2013-12-01 00:06:02.630  0.000    UDP    0.0.0.0:0        ->   216.167.177.115:0     3.6 G    1      1
>
> In summary, the Destination address does not map consistently to a specific
> anonymised IP address, and the Packets and Bytes get messed up.
>
> Has anyone else noticed such behaviour?
>
> To read the original and anonymised captured files I used:
> nfdump -r nfcapd.201312010005
> To anonymise I used:
> sudo nfanon -r nfcapd.201312010005 -K <a 32 character string>
>
> Thanks a lot for any direction / advice!
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

-- 
Be nice to your netflow data.
Use NfSen and nfdump :)
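
An added check, not part of the original thread or of nfdump: it compares the `nfdump -r` text output of the original and the anonymised file, using the records quoted above, and reports every non-address field that changed and every address that is not mapped one-to-one. The regular expression assumes IPv4 and the default line format shown in the thread; `parse` and `check` are hypothetical names.

```python
import re
from collections import defaultdict

# One flow line of nfdump's default text output (IPv4 only), as quoted in the thread.
FLOW = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<dur>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<pkts>[\d.]+(?: [KMGT])?)\s+(?P<bytes>[\d.]+(?: [KMGT])?)\s+(?P<flows>\d+)$"
)
# Assumption: anonymisation rewrites addresses only, so these fields must not change.
UNCHANGED = ("ts", "dur", "proto", "sport", "dport", "pkts", "bytes", "flows")

# Records quoted in the thread, one per line.
ORIGINAL = """\
2013-12-01 00:03:05.512 0.000 UDP 192.168.1.105:0 -> 192.168.1.255:0 1 229 1
2013-12-01 00:03:05.512 0.000 UDP 192.168.1.105:0 -> 192.168.1.255:0 1 229 1
2013-12-01 00:06:02.630 0.000 UDP 192.168.1.147:0 -> 192.168.1.255:0 1 229 1
"""
ANONYMISED = """\
2013-12-01 00:03:05.512 0.000 UDP 0.0.0.0:0 -> 216.167.177.145:0 3.6 G 1 1
2013-12-01 00:03:05.512 0.000 UDP 0.0.0.0:0 -> 216.167.177.145:0 3.6 G 1 1
2013-12-01 00:06:02.630 0.000 UDP 0.0.0.0:0 -> 216.167.177.115:0 3.6 G 1 1
"""

def parse(text):
    """Return the flow records found in nfdump text output, in file order."""
    matches = (FLOW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def check(original, anonymised):
    """Compare two dumps record by record and return a list of findings."""
    orig, anon = parse(original), parse(anonymised)
    findings = []
    if len(orig) != len(anon):
        findings.append(f"record count differs: {len(orig)} vs {len(anon)}")
    forward, reverse = defaultdict(set), defaultdict(set)  # real->anon, anon->real
    for n, (o, a) in enumerate(zip(orig, anon), 1):
        findings += [f"record {n}: {k} changed {o[k]!r} -> {a[k]!r}"
                     for k in UNCHANGED if o[k] != a[k]]
        for side in ("src", "dst"):
            forward[o[side]].add(a[side])
            reverse[a[side]].add(o[side])
    for label, table in (("maps to", forward), ("is shared by", reverse)):
        for addr, others in sorted(table.items()):
            if len(others) > 1:
                findings.append(f"{addr} {label} several addresses: {sorted(others)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(ORIGINAL, ANONYMISED)))
```

Run against a full capture by passing the text of `nfdump -r <file>` for both files to `check`; an empty list means the counters are intact and the address mapping is one-to-one.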