silk-analysis-3.14.0-2.fc25.i686.rpm


Advertisement

Description

silk-analysis - SiLK Toolset: The Analysis Suite

Distribution: Fedora 25
Repository: CERT Forensics Tools SiLK, IPA, Postgresql i386
Package name: silk-analysis
Package version: 3.14.0
Package release: 2.fc25
Package architecture: i686
Package type: rpm
Installed size: 6.30 MB
Download size: 1.90 MB
Official Mirror: forensics.cert.org
SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP. The silk-analysis package contains the analysis tools that query the SiLK Flow data collected by rwflowpack (contained in the silk-rwflowpack package) and summarize that data in various ways.

Alternatives

Provides

  • silk-analysis = 3.14.0-2.fc25
  • silk-analysis(x86-32) = 3.14.0-2.fc25

    Download

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install silk-analysis rpm package:
      # dnf --enablerepo=forensics-sip install silk-analysis

    Files

    • /usr/bin/mapsid
    • /usr/bin/num2dot
    • /usr/bin/rwaddrcount
    • /usr/bin/rwallformats
    • /usr/bin/rwappend
    • /usr/bin/rwbag
    • /usr/bin/rwbagbuild
    • /usr/bin/rwbagcat
    • /usr/bin/rwbagtool
    • /usr/bin/rwcat
    • /usr/bin/rwcombine
    • /usr/bin/rwcompare
    • /usr/bin/rwcount
    • /usr/bin/rwcut
    • /usr/bin/rwdedupe
    • /usr/bin/rwfglob
    • /usr/bin/rwfilter
    • /usr/bin/rwgeoip2ccmap
    • /usr/bin/rwgroup
    • /usr/bin/rwidsquery
    • /usr/bin/rwip2cc
    • /usr/bin/rwipaexport
    • /usr/bin/rwipaimport
    • /usr/bin/rwipfix2silk
    • /usr/bin/rwmatch
    • /usr/bin/rwnetmask
    • /usr/bin/rwp2yaf2silk
    • /usr/bin/rwpcut
    • /usr/bin/rwpdedupe
    • /usr/bin/rwpdu2silk
    • /usr/bin/rwpmapbuild
    • /usr/bin/rwpmapcat
    • /usr/bin/rwpmaplookup
    • /usr/bin/rwpmatch
    • /usr/bin/rwptoflow
    • /usr/bin/rwrandomizeip
    • /usr/bin/rwrecgenerator
    • /usr/bin/rwresolve
    • /usr/bin/rwscan
    • /usr/bin/rwset
    • /usr/bin/rwsetbuild
    • /usr/bin/rwsetcat
    • /usr/bin/rwsetmember
    • /usr/bin/rwsettool
    • /usr/bin/rwsilk2ipfix
    • /usr/bin/rwsort
    • /usr/bin/rwsplit
    • /usr/bin/rwstats
    • /usr/bin/rwswapbytes
    • /usr/bin/rwtotal
    • /usr/bin/rwtuc
    • /usr/bin/rwuniq
    • /usr/lib/python2.7/site-packages/silk/__init__.py
    • /usr/lib/python2.7/site-packages/silk/__init__.pyc
    • /usr/lib/python2.7/site-packages/silk/__init__.pyo
    • /usr/lib/python2.7/site-packages/silk/_netsa_silk.py
    • /usr/lib/python2.7/site-packages/silk/_netsa_silk.pyc
    • /usr/lib/python2.7/site-packages/silk/_netsa_silk.pyo
    • /usr/lib/python2.7/site-packages/silk/fglob.py
    • /usr/lib/python2.7/site-packages/silk/fglob.pyc
    • /usr/lib/python2.7/site-packages/silk/fglob.pyo
    • /usr/lib/python2.7/site-packages/silk/plugin.py
    • /usr/lib/python2.7/site-packages/silk/plugin.pyc
    • /usr/lib/python2.7/site-packages/silk/plugin.pyo
    • /usr/lib/python2.7/site-packages/silk/pysilk.so
    • /usr/lib/python2.7/site-packages/silk/site.py
    • /usr/lib/python2.7/site-packages/silk/site.pyc
    • /usr/lib/python2.7/site-packages/silk/site.pyo
    • /usr/lib/silk/app-mismatch.so
    • /usr/lib/silk/conficker-c.so
    • /usr/lib/silk/cutmatch.so
    • /usr/lib/silk/flowrate.so
    • /usr/lib/silk/int-ext-fields.so
    • /usr/lib/silk/ipafilter.so
    • /usr/lib/silk/uniq-distproto.so
    • /usr/share/man/man1/mapsid.1.gz
    • /usr/share/man/man1/num2dot.1.gz
    • /usr/share/man/man1/rwaddrcount.1.gz
    • /usr/share/man/man1/rwappend.1.gz
    • /usr/share/man/man1/rwbag.1.gz
    • /usr/share/man/man1/rwbagbuild.1.gz
    • /usr/share/man/man1/rwbagcat.1.gz
    • /usr/share/man/man1/rwbagtool.1.gz
    • /usr/share/man/man1/rwcat.1.gz
    • /usr/share/man/man1/rwcombine.1.gz
    • /usr/share/man/man1/rwcompare.1.gz
    • /usr/share/man/man1/rwcount.1.gz
    • /usr/share/man/man1/rwcut.1.gz
    • /usr/share/man/man1/rwdedupe.1.gz
    • /usr/share/man/man1/rwfglob.1.gz
    • /usr/share/man/man1/rwfilter.1.gz
    • /usr/share/man/man1/rwgeoip2ccmap.1.gz
    • /usr/share/man/man1/rwgroup.1.gz
    • /usr/share/man/man1/rwidsquery.1.gz
    • /usr/share/man/man1/rwip2cc.1.gz
    • /usr/share/man/man1/rwipaexport.1.gz
    • /usr/share/man/man1/rwipaimport.1.gz
    • /usr/share/man/man1/rwipfix2silk.1.gz
    • /usr/share/man/man1/rwmatch.1.gz
    • /usr/share/man/man1/rwnetmask.1.gz
    • /usr/share/man/man1/rwp2yaf2silk.1.gz
    • /usr/share/man/man1/rwpcut.1.gz
    • /usr/share/man/man1/rwpdedupe.1.gz
    • /usr/share/man/man1/rwpdu2silk.1.gz
    • /usr/share/man/man1/rwpmapbuild.1.gz
    • /usr/share/man/man1/rwpmapcat.1.gz
    • /usr/share/man/man1/rwpmaplookup.1.gz
    • /usr/share/man/man1/rwpmatch.1.gz
    • /usr/share/man/man1/rwptoflow.1.gz
    • /usr/share/man/man1/rwrandomizeip.1.gz
    • /usr/share/man/man1/rwrecgenerator.1.gz
    • /usr/share/man/man1/rwresolve.1.gz
    • /usr/share/man/man1/rwscan.1.gz
    • /usr/share/man/man1/rwset.1.gz
    • /usr/share/man/man1/rwsetbuild.1.gz
    • /usr/share/man/man1/rwsetcat.1.gz
    • /usr/share/man/man1/rwsetmember.1.gz
    • /usr/share/man/man1/rwsettool.1.gz
    • /usr/share/man/man1/rwsilk2ipfix.1.gz
    • /usr/share/man/man1/rwsort.1.gz
    • /usr/share/man/man1/rwsplit.1.gz
    • /usr/share/man/man1/rwstats.1.gz
    • /usr/share/man/man1/rwswapbytes.1.gz
    • /usr/share/man/man1/rwtotal.1.gz
    • /usr/share/man/man1/rwtuc.1.gz
    • /usr/share/man/man1/rwuniq.1.gz
    • /usr/share/man/man3/addrtype.3.gz
    • /usr/share/man/man3/ccfilter.3.gz
    • /usr/share/man/man3/flowrate.3.gz
    • /usr/share/man/man3/int-ext-fields.3.gz
    • /usr/share/man/man3/ipafilter.3.gz
    • /usr/share/man/man3/packlogic-generic.3.gz
    • /usr/share/man/man3/packlogic-twoway.3.gz
    • /usr/share/man/man3/pmapfilter.3.gz
    • /usr/share/man/man3/pysilk.3.gz
    • /usr/share/man/man3/silkpython.3.gz
    • /usr/share/silk/addrtype-templ.txt

    Changelog

    2016-11-17 - Lawrence Rogers <lrr@cert.org> 3.14.0-1/2 * Release 3.14.0-1/2 IPset changes Add a new file format, record-version=5, for IPsets containing IPv6 addresses that should be more compact than record-version=4. Unless the default file format is changed at configure time, the new format must be explicitly requested using --record-version switch or via the SILK_IPSET_RECORD_VERSION environment variable. Fix a bug when working with IPsets that contain IPv6 addresses and have more than 44,739,242 internal nodes. The bug may cause the tool to crash or to loop endlessly. Reduce how quickly memory grows when building an IPset that contains IPv6 addresses. Perform additional integrity checks when reading an IPset file from disk. rwsetbuild Fix a bug introduced in SiLK-3.11.0 that may occur when computing the intersection or difference of an IPv4 IPset with an IPv6 IPset that is in record-version=4 format. Addresses in the ::ffff:0:0/96 netblock of the IPv6 IPset were ignored when the IPset contained clusters of addresses less then ::ffff:0:0. rwsetcat Allow computing the count of IP addresses in an IPset without loading the IPset into memory. rwbag Fix a bug when creating a bag whose key is attributes that causes the bag to appear to have duplicate keys. rwfileinfo Rename the title of the compression field. The title was changed unintentionally in SiLK 3.12.2 and caused iSiLK to fail. rwstats, rwuniq Do not limit the maximum hash table size to a 32-bit value on a 64-bit platform. flowcap, rwflowpack In the sensor.conf file, add support for a quirk to handle NetFlow v9 records generated by a SonicWall device where the router up-time is reported in seconds instead of milliseconds. Building Add a configure switch, --enable-ipset-compatibility, that allows changing the default IPset file format written by SiLK. The argument is the version of SiLK with which IPsets are to be compatible. The IPset file format changes at 3.7.0 and 3.14.0.

    2016-09-29 - Lawrence Rogers <lrr@cert.org> 3.13.0-1/2 * Release 3.13.0-1/2 Change across all tools Add support for compressing files with "Snappy" compression when the Snappy library and header are found during configuration. Add support for the SILK_COMPRESSION_METHOD environment variable that provides a default value for the --compression-method switch. rwcount Do not limit the maximum array size to a 32-bit value on 64-bit platforms. rwsettool Add a --symmetric-difference switch to compute the set of IP addresses that occur in only one of two input IPsets. rwfileinfo Disable printing of the record count when the file's compression method is not available. rwfilter, rwfglob Fix a file-selection bug where a --start-date specified in epoch seconds that fell on a day boundary would return files for that entire day instead of for that single hour. PySiLK Fix memory leaks. Fix a bug in the silk.site.repository_iter() where an epoch-based start-date value that fell on a day boundary would return files for that entire day instead of for that single hour. rwsender Change the log messages that are written when scanning the incoming and processing directories.

    Advertisement
    Advertisement