yaf-2.8.4-1.fc25.x86_64.rpm


Description

yaf - Yet Another Flow sensor

Distribution: Fedora 25
Repository: CERT Forensics Tools x86_64
Package name: yaf
Package version: 2.8.4
Package release: 1.fc25
Package architecture: x86_64
Package type: rpm
Installed size: 4.32 MB
Download size: 1.08 MB
Official Mirror: forensics.cert.org
YAF is Yet Another Flow sensor. It processes packet data from pcap(3) dumpfiles as generated by tcpdump(1) or via live capture from an interface using pcap(3) or an Endace DAG card into bidirectional flows, then exports those flows to IPFIX Collecting Processes or in an IPFIX-based file format. YAF's output can be used with the NetSA Aggregated Flow (NAF) toolchain.

Provides

  • config(yaf) = 2.8.4-1.fc25
  • libairframe-2.8.4.so.4()(64bit)
  • libyaf-2.8.4.so.4()(64bit)
  • yaf = 2.8.4-1.fc25
  • yaf
  • yaf(x86-64) = 2.8.4-1.fc25

    Download

    Source package: yaf-2.8.4-1.fc25.src.rpm

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install yaf rpm package:
      # dnf --enablerepo=forensics install yaf

    Files

    • /etc/dhcp_fingerprints.conf
    • /etc/yaf.conf
    • /etc/yafApplabelRules.conf
    • /etc/yafDPIRules.conf
    • /etc/init.d/yaf
    • /usr/bin/airdaemon
    • /usr/bin/filedaemon
    • /usr/bin/getFlowKeyHash
    • /usr/bin/ipfixDump
    • /usr/bin/yaf
    • /usr/bin/yafMeta2Pcap
    • /usr/bin/yafcollect
    • /usr/bin/yafscii
    • /usr/lib64/libairframe-2.8.4.so.4
    • /usr/lib64/libairframe-2.8.4.so.4.0.0
    • /usr/lib64/libairframe.so
    • /usr/lib64/libyaf-2.8.4.so.4
    • /usr/lib64/libyaf-2.8.4.so.4.0.0
    • /usr/lib64/libyaf.so
    • /usr/lib64/yaf/aolplugin.so
    • /usr/lib64/yaf/aolplugin.so.1
    • /usr/lib64/yaf/aolplugin.so.1.0.1
    • /usr/lib64/yaf/bgpplugin.so
    • /usr/lib64/yaf/bgpplugin.so.1
    • /usr/lib64/yaf/bgpplugin.so.1.0.1
    • /usr/lib64/yaf/dhcp_fp_plugin.so
    • /usr/lib64/yaf/dhcp_fp_plugin.so.1
    • /usr/lib64/yaf/dhcp_fp_plugin.so.1.0.1
    • /usr/lib64/yaf/dhcpplugin.so
    • /usr/lib64/yaf/dhcpplugin.so.1
    • /usr/lib64/yaf/dhcpplugin.so.1.0.1
    • /usr/lib64/yaf/dnp3plugin.so
    • /usr/lib64/yaf/dnp3plugin.so.1
    • /usr/lib64/yaf/dnp3plugin.so.1.0.1
    • /usr/lib64/yaf/dnsplugin.so
    • /usr/lib64/yaf/dnsplugin.so.1
    • /usr/lib64/yaf/dnsplugin.so.1.0.1
    • /usr/lib64/yaf/dpacketplugin.so
    • /usr/lib64/yaf/dpacketplugin.so.1
    • /usr/lib64/yaf/dpacketplugin.so.1.0.1
    • /usr/lib64/yaf/dumpplugin.so
    • /usr/lib64/yaf/dumpplugin.so.1
    • /usr/lib64/yaf/dumpplugin.so.1.0.1
    • /usr/lib64/yaf/ethipplugin.so
    • /usr/lib64/yaf/ethipplugin.so.1
    • /usr/lib64/yaf/ethipplugin.so.1.0.1
    • /usr/lib64/yaf/gh0stplugin.so
    • /usr/lib64/yaf/gh0stplugin.so.1
    • /usr/lib64/yaf/gh0stplugin.so.1.0.1
    • /usr/lib64/yaf/ircplugin.so
    • /usr/lib64/yaf/ircplugin.so.1
    • /usr/lib64/yaf/ircplugin.so.1.0.1
    • /usr/lib64/yaf/ldapplugin.so
    • /usr/lib64/yaf/ldapplugin.so.1
    • /usr/lib64/yaf/ldapplugin.so.1.0.1
    • /usr/lib64/yaf/ldpplugin.so
    • /usr/lib64/yaf/ldpplugin.so.1
    • /usr/lib64/yaf/ldpplugin.so.1.0.1
    • /usr/lib64/yaf/modbusplugin.so
    • /usr/lib64/yaf/modbusplugin.so.1
    • /usr/lib64/yaf/modbusplugin.so.1.0.1
    • /usr/lib64/yaf/mysqlplugin.so
    • /usr/lib64/yaf/mysqlplugin.so.1
    • /usr/lib64/yaf/mysqlplugin.so.1.0.1
    • /usr/lib64/yaf/netdgmplugin.so
    • /usr/lib64/yaf/netdgmplugin.so.1
    • /usr/lib64/yaf/netdgmplugin.so.1.0.1
    • /usr/lib64/yaf/nntpplugin.so
    • /usr/lib64/yaf/nntpplugin.so.1
    • /usr/lib64/yaf/nntpplugin.so.1.0.1
    • /usr/lib64/yaf/nullplugin.so
    • /usr/lib64/yaf/nullplugin.so.1
    • /usr/lib64/yaf/nullplugin.so.1.0.1
    • /usr/lib64/yaf/palplugin.so
    • /usr/lib64/yaf/palplugin.so.1
    • /usr/lib64/yaf/palplugin.so.1.0.1
    • /usr/lib64/yaf/piplugin.so
    • /usr/lib64/yaf/piplugin.so.1
    • /usr/lib64/yaf/piplugin.so.1.0.1
    • /usr/lib64/yaf/pop3plugin.so
    • /usr/lib64/yaf/pop3plugin.so.1
    • /usr/lib64/yaf/pop3plugin.so.1.0.1
    • /usr/lib64/yaf/pptpplugin.so
    • /usr/lib64/yaf/pptpplugin.so.1
    • /usr/lib64/yaf/pptpplugin.so.1.0.1
    • /usr/lib64/yaf/proxyplugin.so
    • /usr/lib64/yaf/proxyplugin.so.1
    • /usr/lib64/yaf/proxyplugin.so.1.0.1
    • /usr/lib64/yaf/rtpplugin.so
    • /usr/lib64/yaf/rtpplugin.so.1
    • /usr/lib64/yaf/rtpplugin.so.1.0.1
    • /usr/lib64/yaf/slpplugin.so
    • /usr/lib64/yaf/slpplugin.so.1
    • /usr/lib64/yaf/slpplugin.so.1.0.1
    • /usr/lib64/yaf/snmpplugin.so
    • /usr/lib64/yaf/snmpplugin.so.1
    • /usr/lib64/yaf/snmpplugin.so.1.0.1
    • /usr/lib64/yaf/socksplugin.so
    • /usr/lib64/yaf/socksplugin.so.1
    • /usr/lib64/yaf/socksplugin.so.1.0.1
    • /usr/lib64/yaf/teredoplugin.so
    • /usr/lib64/yaf/teredoplugin.so.1
    • /usr/lib64/yaf/teredoplugin.so.1.0.1
    • /usr/lib64/yaf/tftpplugin.so
    • /usr/lib64/yaf/tftpplugin.so.1
    • /usr/lib64/yaf/tftpplugin.so.1.0.1
    • /usr/lib64/yaf/tlsplugin.so
    • /usr/lib64/yaf/tlsplugin.so.1
    • /usr/lib64/yaf/tlsplugin.so.1.0.1
    • /usr/share/doc/yaf/AUTHORS
    • /usr/share/doc/yaf/COPYING
    • /usr/share/doc/yaf/NEWS
    • /usr/share/doc/yaf/README
    • /usr/share/doc/yaf/html/airdaemon.html
    • /usr/share/doc/yaf/html/applabel.html
    • /usr/share/doc/yaf/html/filedaemon.html
    • /usr/share/doc/yaf/html/getFlowKeyHash.html
    • /usr/share/doc/yaf/html/ipfixDump.html
    • /usr/share/doc/yaf/html/yaf.html
    • /usr/share/doc/yaf/html/yaf.init.html
    • /usr/share/doc/yaf/html/yafMeta2Pcap.html
    • /usr/share/doc/yaf/html/yafdhcp.html
    • /usr/share/doc/yaf/html/yafdpi.html
    • /usr/share/doc/yaf/html/yafscii.html
    • /usr/share/doc/yaf/html/yafzcbalance.html
    • /usr/share/doc/yaf/html/libyaf/_c_e_r_t___i_e_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/annotated.html
    • /usr/share/doc/yaf/html/libyaf/arrowdown.png
    • /usr/share/doc/yaf/html/libyaf/arrowright.png
    • /usr/share/doc/yaf/html/libyaf/bc_s.png
    • /usr/share/doc/yaf/html/libyaf/bdwn.png
    • /usr/share/doc/yaf/html/libyaf/classes.html
    • /usr/share/doc/yaf/html/libyaf/closed.png
    • /usr/share/doc/yaf/html/libyaf/config_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/decode_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/dir_615759f7aa2b23f9d732a2fd184cb668.html
    • /usr/share/doc/yaf/html/libyaf/dir_d44c64559bbebec7f509842c48db8b23.html
    • /usr/share/doc/yaf/html/libyaf/doc.png
    • /usr/share/doc/yaf/html/libyaf/doxygen.css
    • /usr/share/doc/yaf/html/libyaf/doxygen.png
    • /usr/share/doc/yaf/html/libyaf/dynsections.js
    • /usr/share/doc/yaf/html/libyaf/files.html
    • /usr/share/doc/yaf/html/libyaf/folderclosed.png
    • /usr/share/doc/yaf/html/libyaf/folderopen.png
    • /usr/share/doc/yaf/html/libyaf/functions.html
    • /usr/share/doc/yaf/html/libyaf/functions_vars.html
    • /usr/share/doc/yaf/html/libyaf/globals.html
    • /usr/share/doc/yaf/html/libyaf/globals_defs.html
    • /usr/share/doc/yaf/html/libyaf/globals_func.html
    • /usr/share/doc/yaf/html/libyaf/globals_type.html
    • /usr/share/doc/yaf/html/libyaf/index.html
    • /usr/share/doc/yaf/html/libyaf/jquery.js
    • /usr/share/doc/yaf/html/libyaf/nav_f.png
    • /usr/share/doc/yaf/html/libyaf/nav_g.png
    • /usr/share/doc/yaf/html/libyaf/nav_h.png
    • /usr/share/doc/yaf/html/libyaf/open.png
    • /usr/share/doc/yaf/html/libyaf/pages.html
    • /usr/share/doc/yaf/html/libyaf/picq_8h.html
    • /usr/share/doc/yaf/html/libyaf/picq_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/ring_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/splitbar.png
    • /usr/share/doc/yaf/html/libyaf/structyf_flow__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_flow_key__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_flow_stats__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_flow_val__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_hook_meta_data.html
    • /usr/share/doc/yaf/html/libyaf/structyf_i_p_frag_info__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_l2_info__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_m_p_t_c_p_flow__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_m_p_t_c_p_info__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_p_buf__st.html
    • /usr/share/doc/yaf/html/libyaf/structyf_t_c_p_info__st.html
    • /usr/share/doc/yaf/html/libyaf/sync_off.png
    • /usr/share/doc/yaf/html/libyaf/sync_on.png
    • /usr/share/doc/yaf/html/libyaf/tab_a.png
    • /usr/share/doc/yaf/html/libyaf/tab_b.png
    • /usr/share/doc/yaf/html/libyaf/tab_h.png
    • /usr/share/doc/yaf/html/libyaf/tab_s.png
    • /usr/share/doc/yaf/html/libyaf/tabs.css
    • /usr/share/doc/yaf/html/libyaf/yaf_orcus.html
    • /usr/share/doc/yaf/html/libyaf/yaf_pcap.html
    • /usr/share/doc/yaf/html/libyaf/yaf_pcap2.html
    • /usr/share/doc/yaf/html/libyaf/yaf_silk.html
    • /usr/share/doc/yaf/html/libyaf/yaf_sm_silk.html
    • /usr/share/doc/yaf/html/libyaf/yafcore_8h.html
    • /usr/share/doc/yaf/html/libyaf/yafcore_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/yafhooks_8h.html
    • /usr/share/doc/yaf/html/libyaf/yafhooks_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/yafrag_8h.html
    • /usr/share/doc/yaf/html/libyaf/yafrag_8h_source.html
    • /usr/share/doc/yaf/html/libyaf/yaftab_8h.html
    • /usr/share/doc/yaf/html/libyaf/yaftab_8h_source.html
    • /usr/share/man/man1/airdaemon.1.gz
    • /usr/share/man/man1/applabel.1.gz
    • /usr/share/man/man1/filedaemon.1.gz
    • /usr/share/man/man1/getFlowKeyHash.1.gz
    • /usr/share/man/man1/ipfixDump.1.gz
    • /usr/share/man/man1/yaf.1.gz
    • /usr/share/man/man1/yaf.init.1.gz
    • /usr/share/man/man1/yafMeta2Pcap.1.gz
    • /usr/share/man/man1/yafdhcp.1.gz
    • /usr/share/man/man1/yafdpi.1.gz
    • /usr/share/man/man1/yafscii.1.gz
    • /usr/share/man/man1/yafzcbalance.1.gz

    Changelog

    2016-04-14 - Lawrence Rogers <lrr@cert.org> 2.8.4-1
    * Release 2.8.4-1
      • 2.8.4: Fix incompatibility with older versions of libpcap introduced in 2.8.3
      • 2.8.3: Important bug fix for versions 2.8.x. Fixes a bug in decoding specific TCP Options headers.

    2016-04-05 - Lawrence Rogers <lrr@cert.org> 2.8.2-1
    * Release 2.8.2-1
      • Fix application labeling bug introduced in 2.8.0 which incorrectly labels particular REGEX labels
      • Other Bug Fixes

    2016-02-04 - Lawrence Rogers <lrr@cert.org> 2.8.1-1
    * Release 2.8.1-1
      • Fix compile error when configured with --disable-payload
      • Force buffer emit with IPFIX Options record when inactive

    2015-12-22 - Lawrence Rogers <lrr@cert.org> 2.8.0-1
    * Release 2.8.0-1
      • Remove support for fixbuf releases prior to libfixbuf-1.7.0
      • PF_RING support
      • PF_RING ZC (Zero Copy) support
      • Add support for gzip'd PCAP files
      • Add support for decoding MPTCP headers and exporting MPTCP information
      • Add LUA configuration file for yaf startup
      • New SSL Server Name field export from TLS/SSL Client Hello
      • New option for exporting entire X.509 Certificate
      • Add Fragment flag to flowAttributes to signify that a flow contained fragmented packets
      • DHCP fingerprinting plugin now exports basic list of options by default
      • ipfixDump prints number of records for each template
      • Bug Fix for labeling DNS over TCP
      • Bug Fix for reverseFlowDeltaMilliseconds field
      • Bug Fix for collecting X.509 Certificates through a proxy
      • More detailed information about ignored packets on termination/SIGUSR1

    2015-10-20 - Lawrence Rogers <lrr@cert.org> 2.7.1-3
    * Release 2.7.1-3
      • New release built with libfixbuf 1.7.1.

    2015-07-07 - Lawrence Rogers <lrr@cert.org> 2.7.1-2
    * Release 2.7.1-2
      • New release built with libfixbuf 1.7.0

    2015-01-27 - Lawrence Rogers <lrr@cert.org> 2.7.1-1
    * Release 2.7.1-1
      • Fix a bug with --flow-stats in particular configurations

    2015-01-07 - Lawrence Rogers <lrr@cert.org> 2.7.0-1
    * Release 2.7.0-1
      • New Gh0st RAT Application Label
      • New NetBIOS Datagram Service Application Label
      • yafMeta2Pcap can now accept IPFIX input
      • getFlowKeyHash now exports IPFIX
      • Support for indexing PCAPNG files
      • New YAF option --no-output to produce no IPFIX output
      • New YAF options --hash and --stime to search for a single flow with the given hash and start time
      • DNS DPI now exports query section of resource record for all responses with nonzero RCODE
      • Faster searching of pcap-meta files
      • Implement SAME_SIZE flag for TCP flows
      • Minor Bug Fixes

    2014-12-08 - Lawrence Rogers <lrr@cert.org> 2.6.0-4
    * Release 2.6.0-4
      • New release built with libfixbuf 1.6.2

    2014-10-15 - Lawrence Rogers <lrr@cert.org> 2.6.0-3
    * Release 2.6.0-3
      • New release built with libfixbuf 1.6.1
