Which nfdump version are you using? Can you provide me a sample nfcapd file off 
list please? Privacy is of course
guaranteed.

        - Peter

On 09.03.16 13:08, Costas Kyr wrote:
> Hello all, 
> I have used the nfanon tool to do some IP anonymisation but it seems that 
> some data get corrupted. I have looked around for possible answers but did 
> not find anything (a few similar questions). In my case 
> the original netflow entry looks like this:Date first seen          Duration 
> Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> 2013-12-01 00:03:05.512     0.000 UDP      192.168.1.105:0     ->    
> 192.168.1.255:0            1      229     12013-12-01 00:03:05.512     0.000 
> UDP      192.168.1.105:0     ->    192.168.1.255:0            1      229     
> 12013-12-01 00:06:02.630     0.000 UDP      192.168.1.147:0     ->    
> 192.168.1.255:0            1      229     1
> and the anonymised like this:2013-12-01 00:03:05.512     0.000 UDP            
> 0.0.0.0:0     ->  216.167.177.145:0        3.6 G        1     12013-12-01 
> 00:03:05.512     0.000 UDP            0.0.0.0:0     ->  216.167.177.145:0     
>    3.6 G        1     12013-12-01 00:06:02.630     0.000 UDP            
> 0.0.0.0:0     ->  216.167.177.115:0        3.6 G        1     1
> 
> In summary, the Destination address does not map consistency to a specific 
> anonymised IP address, and the Packets and Bytes get messed up. 
> 
> Has anyone else notices such behaviour ? 
> To read the original and anonymised captured files I used:nfdump -r 
> nfcapd.201312010005
> To anonymise I used:sudo nfanon -r nfcapd.201312010005 -K <a 32 character 
> string> 
> 
> Thanks a lot for any direction / advice !                                     
>   
> 
> 
> 
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
> 
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to