silk-devel - The SiLK Toolset development files

Distribution: Fedora 25
Repository: CERT Forensics Tools SiLK, IPA, Postgresql x86_64
Package name: silk-devel
Package version: 3.14.0
Package release: 2.fc25
Package architecture: x86_64
Package type: rpm
Installed size: 834.20 KB
Download size: 218.20 KB
Official Mirror:
SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP. The silk-devel package contains the development libraries and headers for SiLK. This package is required to build additional applications or to build shared libraries for use as plug-ins to the SiLK analysis tools.



  • libtool(/usr/lib64/
  • libtool(/usr/lib64/
  • libtool(/usr/lib64/
  • silk-devel = 3.14.0-2.fc25
  • silk-devel(x86-64) = 3.14.0-2.fc25


    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install silk-devel rpm package:
      # dnf --enablerepo=forensics-sip install silk-devel


    • /usr/bin/silk_config
    • /usr/include/
    • /usr/include/silk/bagtree.h
    • /usr/include/silk/hashlib.h
    • /usr/include/silk/iptree.h
    • /usr/include/silk/libflowsource.h
    • /usr/include/silk/probeconf.h
    • /usr/include/silk/redblack.h
    • /usr/include/silk/rwascii.h
    • /usr/include/silk/rwflowpack.h
    • /usr/include/silk/rwpack.h
    • /usr/include/silk/rwrec.h
    • /usr/include/silk/silk.h
    • /usr/include/silk/silk_config.h
    • /usr/include/silk/silk_config2.h
    • /usr/include/silk/silk_files.h
    • /usr/include/silk/silk_types.h
    • /usr/include/silk/skbag.h
    • /usr/include/silk/skcountry.h
    • /usr/include/silk/skdaemon.h
    • /usr/include/silk/skdeque.h
    • /usr/include/silk/skdllist.h
    • /usr/include/silk/skheader.h
    • /usr/include/silk/skheap.h
    • /usr/include/silk/skipaddr.h
    • /usr/include/silk/skipset.h
    • /usr/include/silk/sklog.h
    • /usr/include/silk/skmempool.h
    • /usr/include/silk/skplugin.h
    • /usr/include/silk/skpolldir.h
    • /usr/include/silk/skprefixmap.h
    • /usr/include/silk/skprintnets.h
    • /usr/include/silk/sksite.h
    • /usr/include/silk/skstream.h
    • /usr/include/silk/skstringmap.h
    • /usr/include/silk/sktempfile.h
    • /usr/include/silk/skthread.h
    • /usr/include/silk/sktimer.h
    • /usr/include/silk/sktracemsg.h
    • /usr/include/silk/skvector.h
    • /usr/include/silk/utils.h
    • /usr/lib64/
    • /usr/lib64/
    • /usr/lib64/
    • /usr/lib64/
    • /usr/lib64/
    • /usr/lib64/
    • /usr/share/man/man1/silk_config.1.gz
    • /usr/share/man/man3/silk-plugin.3.gz


    2016-11-17 - Lawrence Rogers <> 3.14.0-1/2 * Release 3.14.0-1/2 IPset changes Add a new file format, record-version=5, for IPsets containing IPv6 addresses that should be more compact than record-version=4. Unless the default file format is changed at configure time, the new format must be explicitly requested using --record-version switch or via the SILK_IPSET_RECORD_VERSION environment variable. Fix a bug when working with IPsets that contain IPv6 addresses and have more than 44,739,242 internal nodes. The bug may cause the tool to crash or to loop endlessly. Reduce how quickly memory grows when building an IPset that contains IPv6 addresses. Perform additional integrity checks when reading an IPset file from disk. rwsetbuild Fix a bug introduced in SiLK-3.11.0 that may occur when computing the intersection or difference of an IPv4 IPset with an IPv6 IPset that is in record-version=4 format. Addresses in the ::ffff:0:0/96 netblock of the IPv6 IPset were ignored when the IPset contained clusters of addresses less then ::ffff:0:0. rwsetcat Allow computing the count of IP addresses in an IPset without loading the IPset into memory. rwbag Fix a bug when creating a bag whose key is attributes that causes the bag to appear to have duplicate keys. rwfileinfo Rename the title of the compression field. The title was changed unintentionally in SiLK 3.12.2 and caused iSiLK to fail. rwstats, rwuniq Do not limit the maximum hash table size to a 32-bit value on a 64-bit platform. flowcap, rwflowpack In the sensor.conf file, add support for a quirk to handle NetFlow v9 records generated by a SonicWall device where the router up-time is reported in seconds instead of milliseconds. Building Add a configure switch, --enable-ipset-compatibility, that allows changing the default IPset file format written by SiLK. The argument is the version of SiLK with which IPsets are to be compatible. The IPset file format changes at 3.7.0 and 3.14.0.

    2016-09-29 - Lawrence Rogers <> 3.13.0-1/2 * Release 3.13.0-1/2 Change across all tools Add support for compressing files with "Snappy" compression when the Snappy library and header are found during configuration. Add support for the SILK_COMPRESSION_METHOD environment variable that provides a default value for the --compression-method switch. rwcount Do not limit the maximum array size to a 32-bit value on 64-bit platforms. rwsettool Add a --symmetric-difference switch to compute the set of IP addresses that occur in only one of two input IPsets. rwfileinfo Disable printing of the record count when the file's compression method is not available. rwfilter, rwfglob Fix a file-selection bug where a --start-date specified in epoch seconds that fell on a day boundary would return files for that entire day instead of for that single hour. PySiLK Fix memory leaks. Fix a bug in the where an epoch-based start-date value that fell on a day boundary would return files for that entire day instead of for that single hour. rwsender Change the log messages that are written when scanning the incoming and processing directories.