yaf-2.8.4-1.fc25.x86_64.rpm



Description

yaf - Yet Another Flow sensor

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools x86_64
Package name yaf
Package version 2.8.4
Package release 1.fc25
Package architecture x86_64
Package type rpm
Installed size 4.32 MB
Download size 1.08 MB
Official Mirror forensics.cert.org

YAF is Yet Another Flow sensor. It processes packet data from pcap(3) dumpfiles
as generated by tcpdump(1) or via live capture from an interface using pcap(3)
or an Endace DAG card into bidirectional flows, then exports those flows to
IPFIX Collecting Processes or in an IPFIX-based file format. YAF's output can
be used with the NetSA Aggregated Flow (NAF) toolchain.

Alternatives

Package Version Architecture Repository
yaf-2.10.0-2.fc25.i686.rpm 2.10.0 i686 CERT Forensics Tools
yaf-2.10.0-2.fc25.x86_64.rpm 2.10.0 x86_64 CERT Forensics Tools
yaf-2.10.0-1.fc25.i686.rpm 2.10.0 i686 CERT Forensics Tools
yaf-2.10.0-1.fc25.x86_64.rpm 2.10.0 x86_64 CERT Forensics Tools
yaf-2.9.3-1.fc25.i686.rpm 2.9.3 i686 CERT Forensics Tools
yaf-2.9.3-1.fc25.x86_64.rpm 2.9.3 x86_64 CERT Forensics Tools
yaf-2.9.2-1.fc25.i686.rpm 2.9.2 i686 CERT Forensics Tools
yaf-2.9.2-1.fc25.x86_64.rpm 2.9.2 x86_64 CERT Forensics Tools
yaf-2.9.1-1.fc25.i686.rpm 2.9.1 i686 CERT Forensics Tools
yaf-2.9.1-1.fc25.x86_64.rpm 2.9.1 x86_64 CERT Forensics Tools
yaf-2.9.0-1.fc25.i686.rpm 2.9.0 i686 CERT Forensics Tools
yaf-2.9.0-1.fc25.x86_64.rpm 2.9.0 x86_64 CERT Forensics Tools
yaf-2.8.4-1.fc25.i686.rpm 2.8.4 i686 CERT Forensics Tools

Requires

Name Value
/sbin/ldconfig -
glib2 >= 2.6.4
libc.so.6(GLIBC_2.3)(64bit) -
libdl.so.2()(64bit) -
libdl.so.2(GLIBC_2.2.5)(64bit) -
libfixbuf >= 1.0.0
libfixbuf.so.3()(64bit) -
libglib-2.0.so.0()(64bit) -
libgthread-2.0.so.0()(64bit) -
libm.so.6()(64bit) -
libm.so.6(GLIBC_2.2.5)(64bit) -
libpcap -
libpcap.so.1()(64bit) -
libpcre.so.1()(64bit) -
libpthread.so.0()(64bit) -
libpthread.so.0(GLIBC_2.2.5)(64bit) -
libz.so.1()(64bit) -
pcre >= 7.3
rtld(GNU_HASH) -

Provides

Name Value
config(yaf) = 2.8.4-1.fc25
libairframe-2.8.4.so.4()(64bit) -
libyaf-2.8.4.so.4()(64bit) -
yaf -
yaf = 2.8.4-1.fc25
yaf(x86-64) = 2.8.4-1.fc25

Download

Type URL
Binary Package yaf-2.8.4-1.fc25.x86_64.rpm
Source Package yaf-2.8.4-1.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-25.rpm
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install yaf rpm package:
    # dnf --enablerepo=forensics install yaf

Files

Path
/etc/dhcp_fingerprints.conf
/etc/yaf.conf
/etc/yafApplabelRules.conf
/etc/yafDPIRules.conf
/etc/init.d/yaf
/usr/bin/airdaemon
/usr/bin/filedaemon
/usr/bin/getFlowKeyHash
/usr/bin/ipfixDump
/usr/bin/yaf
/usr/bin/yafMeta2Pcap
/usr/bin/yafcollect
/usr/bin/yafscii
/usr/lib64/libairframe-2.8.4.so.4
/usr/lib64/libairframe-2.8.4.so.4.0.0
/usr/lib64/libairframe.so
/usr/lib64/libyaf-2.8.4.so.4
/usr/lib64/libyaf-2.8.4.so.4.0.0
/usr/lib64/libyaf.so
/usr/lib64/yaf/aolplugin.so
/usr/lib64/yaf/aolplugin.so.1
/usr/lib64/yaf/aolplugin.so.1.0.1
/usr/lib64/yaf/bgpplugin.so
/usr/lib64/yaf/bgpplugin.so.1
/usr/lib64/yaf/bgpplugin.so.1.0.1
/usr/lib64/yaf/dhcp_fp_plugin.so
/usr/lib64/yaf/dhcp_fp_plugin.so.1
/usr/lib64/yaf/dhcp_fp_plugin.so.1.0.1
/usr/lib64/yaf/dhcpplugin.so
/usr/lib64/yaf/dhcpplugin.so.1
/usr/lib64/yaf/dhcpplugin.so.1.0.1
/usr/lib64/yaf/dnp3plugin.so
/usr/lib64/yaf/dnp3plugin.so.1
/usr/lib64/yaf/dnp3plugin.so.1.0.1
/usr/lib64/yaf/dnsplugin.so
/usr/lib64/yaf/dnsplugin.so.1
/usr/lib64/yaf/dnsplugin.so.1.0.1
/usr/lib64/yaf/dpacketplugin.so
/usr/lib64/yaf/dpacketplugin.so.1
/usr/lib64/yaf/dpacketplugin.so.1.0.1
/usr/lib64/yaf/dumpplugin.so
/usr/lib64/yaf/dumpplugin.so.1
/usr/lib64/yaf/dumpplugin.so.1.0.1
/usr/lib64/yaf/ethipplugin.so
/usr/lib64/yaf/ethipplugin.so.1
/usr/lib64/yaf/ethipplugin.so.1.0.1
/usr/lib64/yaf/gh0stplugin.so
/usr/lib64/yaf/gh0stplugin.so.1
/usr/lib64/yaf/gh0stplugin.so.1.0.1
/usr/lib64/yaf/ircplugin.so
/usr/lib64/yaf/ircplugin.so.1
/usr/lib64/yaf/ircplugin.so.1.0.1
/usr/lib64/yaf/ldapplugin.so
/usr/lib64/yaf/ldapplugin.so.1
/usr/lib64/yaf/ldapplugin.so.1.0.1
/usr/lib64/yaf/ldpplugin.so
/usr/lib64/yaf/ldpplugin.so.1
/usr/lib64/yaf/ldpplugin.so.1.0.1
/usr/lib64/yaf/modbusplugin.so
/usr/lib64/yaf/modbusplugin.so.1
/usr/lib64/yaf/modbusplugin.so.1.0.1
/usr/lib64/yaf/mysqlplugin.so
/usr/lib64/yaf/mysqlplugin.so.1
/usr/lib64/yaf/mysqlplugin.so.1.0.1
/usr/lib64/yaf/netdgmplugin.so
/usr/lib64/yaf/netdgmplugin.so.1
/usr/lib64/yaf/netdgmplugin.so.1.0.1
/usr/lib64/yaf/nntpplugin.so
/usr/lib64/yaf/nntpplugin.so.1
/usr/lib64/yaf/nntpplugin.so.1.0.1
/usr/lib64/yaf/nullplugin.so
/usr/lib64/yaf/nullplugin.so.1
/usr/lib64/yaf/nullplugin.so.1.0.1
/usr/lib64/yaf/palplugin.so
/usr/lib64/yaf/palplugin.so.1
/usr/lib64/yaf/palplugin.so.1.0.1
/usr/lib64/yaf/piplugin.so
/usr/lib64/yaf/piplugin.so.1
/usr/lib64/yaf/piplugin.so.1.0.1
/usr/lib64/yaf/pop3plugin.so
/usr/lib64/yaf/pop3plugin.so.1
/usr/lib64/yaf/pop3plugin.so.1.0.1
/usr/lib64/yaf/pptpplugin.so
/usr/lib64/yaf/pptpplugin.so.1
/usr/lib64/yaf/pptpplugin.so.1.0.1
/usr/lib64/yaf/proxyplugin.so
/usr/lib64/yaf/proxyplugin.so.1
/usr/lib64/yaf/proxyplugin.so.1.0.1
/usr/lib64/yaf/rtpplugin.so
/usr/lib64/yaf/rtpplugin.so.1
/usr/lib64/yaf/rtpplugin.so.1.0.1
/usr/lib64/yaf/slpplugin.so
/usr/lib64/yaf/slpplugin.so.1
/usr/lib64/yaf/slpplugin.so.1.0.1
/usr/lib64/yaf/snmpplugin.so
/usr/lib64/yaf/snmpplugin.so.1
/usr/lib64/yaf/snmpplugin.so.1.0.1
/usr/lib64/yaf/socksplugin.so
/usr/lib64/yaf/socksplugin.so.1
/usr/lib64/yaf/socksplugin.so.1.0.1
/usr/lib64/yaf/teredoplugin.so
/usr/lib64/yaf/teredoplugin.so.1
/usr/lib64/yaf/teredoplugin.so.1.0.1
/usr/lib64/yaf/tftpplugin.so
/usr/lib64/yaf/tftpplugin.so.1
/usr/lib64/yaf/tftpplugin.so.1.0.1
/usr/lib64/yaf/tlsplugin.so
/usr/lib64/yaf/tlsplugin.so.1
/usr/lib64/yaf/tlsplugin.so.1.0.1
/usr/share/doc/yaf/AUTHORS
/usr/share/doc/yaf/COPYING
/usr/share/doc/yaf/NEWS
/usr/share/doc/yaf/README
/usr/share/doc/yaf/html/airdaemon.html
/usr/share/doc/yaf/html/applabel.html
/usr/share/doc/yaf/html/filedaemon.html
/usr/share/doc/yaf/html/getFlowKeyHash.html
/usr/share/doc/yaf/html/ipfixDump.html
/usr/share/doc/yaf/html/yaf.html
/usr/share/doc/yaf/html/yaf.init.html
/usr/share/doc/yaf/html/yafMeta2Pcap.html
/usr/share/doc/yaf/html/yafdhcp.html
/usr/share/doc/yaf/html/yafdpi.html
/usr/share/doc/yaf/html/yafscii.html
/usr/share/doc/yaf/html/yafzcbalance.html
/usr/share/doc/yaf/html/libyaf/_c_e_r_t___i_e_8h_source.html
/usr/share/doc/yaf/html/libyaf/annotated.html
/usr/share/doc/yaf/html/libyaf/arrowdown.png
/usr/share/doc/yaf/html/libyaf/arrowright.png
/usr/share/doc/yaf/html/libyaf/bc_s.png
/usr/share/doc/yaf/html/libyaf/bdwn.png
/usr/share/doc/yaf/html/libyaf/classes.html
/usr/share/doc/yaf/html/libyaf/closed.png
/usr/share/doc/yaf/html/libyaf/config_8h_source.html
/usr/share/doc/yaf/html/libyaf/decode_8h_source.html
/usr/share/doc/yaf/html/libyaf/dir_615759f7aa2b23f9d732a2fd184cb668.html
/usr/share/doc/yaf/html/libyaf/dir_d44c64559bbebec7f509842c48db8b23.html
/usr/share/doc/yaf/html/libyaf/doc.png
/usr/share/doc/yaf/html/libyaf/doxygen.css
/usr/share/doc/yaf/html/libyaf/doxygen.png
/usr/share/doc/yaf/html/libyaf/dynsections.js
/usr/share/doc/yaf/html/libyaf/files.html
/usr/share/doc/yaf/html/libyaf/folderclosed.png
/usr/share/doc/yaf/html/libyaf/folderopen.png
/usr/share/doc/yaf/html/libyaf/functions.html
/usr/share/doc/yaf/html/libyaf/functions_vars.html
/usr/share/doc/yaf/html/libyaf/globals.html
/usr/share/doc/yaf/html/libyaf/globals_defs.html
/usr/share/doc/yaf/html/libyaf/globals_func.html
/usr/share/doc/yaf/html/libyaf/globals_type.html
/usr/share/doc/yaf/html/libyaf/index.html
/usr/share/doc/yaf/html/libyaf/jquery.js
/usr/share/doc/yaf/html/libyaf/nav_f.png
/usr/share/doc/yaf/html/libyaf/nav_g.png
/usr/share/doc/yaf/html/libyaf/nav_h.png
/usr/share/doc/yaf/html/libyaf/open.png
/usr/share/doc/yaf/html/libyaf/pages.html
/usr/share/doc/yaf/html/libyaf/picq_8h.html
/usr/share/doc/yaf/html/libyaf/picq_8h_source.html
/usr/share/doc/yaf/html/libyaf/ring_8h_source.html
/usr/share/doc/yaf/html/libyaf/splitbar.png
/usr/share/doc/yaf/html/libyaf/structyf_flow__st.html
/usr/share/doc/yaf/html/libyaf/structyf_flow_key__st.html
/usr/share/doc/yaf/html/libyaf/structyf_flow_stats__st.html
/usr/share/doc/yaf/html/libyaf/structyf_flow_val__st.html
/usr/share/doc/yaf/html/libyaf/structyf_hook_meta_data.html
/usr/share/doc/yaf/html/libyaf/structyf_i_p_frag_info__st.html
/usr/share/doc/yaf/html/libyaf/structyf_l2_info__st.html
/usr/share/doc/yaf/html/libyaf/structyf_m_p_t_c_p_flow__st.html
/usr/share/doc/yaf/html/libyaf/structyf_m_p_t_c_p_info__st.html
/usr/share/doc/yaf/html/libyaf/structyf_p_buf__st.html
/usr/share/doc/yaf/html/libyaf/structyf_t_c_p_info__st.html
/usr/share/doc/yaf/html/libyaf/sync_off.png
/usr/share/doc/yaf/html/libyaf/sync_on.png
/usr/share/doc/yaf/html/libyaf/tab_a.png
/usr/share/doc/yaf/html/libyaf/tab_b.png
/usr/share/doc/yaf/html/libyaf/tab_h.png
/usr/share/doc/yaf/html/libyaf/tab_s.png
/usr/share/doc/yaf/html/libyaf/tabs.css
/usr/share/doc/yaf/html/libyaf/yaf_orcus.html
/usr/share/doc/yaf/html/libyaf/yaf_pcap.html
/usr/share/doc/yaf/html/libyaf/yaf_pcap2.html
/usr/share/doc/yaf/html/libyaf/yaf_silk.html
/usr/share/doc/yaf/html/libyaf/yaf_sm_silk.html
/usr/share/doc/yaf/html/libyaf/yafcore_8h.html
/usr/share/doc/yaf/html/libyaf/yafcore_8h_source.html
/usr/share/doc/yaf/html/libyaf/yafhooks_8h.html
/usr/share/doc/yaf/html/libyaf/yafhooks_8h_source.html
/usr/share/doc/yaf/html/libyaf/yafrag_8h.html
/usr/share/doc/yaf/html/libyaf/yafrag_8h_source.html
/usr/share/doc/yaf/html/libyaf/yaftab_8h.html
/usr/share/doc/yaf/html/libyaf/yaftab_8h_source.html
/usr/share/man/man1/airdaemon.1.gz
/usr/share/man/man1/applabel.1.gz
/usr/share/man/man1/filedaemon.1.gz
/usr/share/man/man1/getFlowKeyHash.1.gz
/usr/share/man/man1/ipfixDump.1.gz
/usr/share/man/man1/yaf.1.gz
/usr/share/man/man1/yaf.init.1.gz
/usr/share/man/man1/yafMeta2Pcap.1.gz
/usr/share/man/man1/yafdhcp.1.gz
/usr/share/man/man1/yafdpi.1.gz
/usr/share/man/man1/yafscii.1.gz
/usr/share/man/man1/yafzcbalance.1.gz

Changelog

2016-04-14 - Lawrence Rogers <lrr@cert.org> 2.8.4-1
* Release 2.8.4-1
2.8.4
Fix incompatibility with older versions of libpcap introduced in 2.8.3
2.8.3
Important bug fix for versions 2.8.x. Fixes a bug in decoding specific TCP Options headers.
2016-04-05 - Lawrence Rogers <lrr@cert.org> 2.8.2-1
* Release 2.8.2-1
Fix application labeling bug introduced in 2.8.0 which incorrectly labels particular REGEX labels
Other Bug Fixes
2016-02-04 - Lawrence Rogers <lrr@cert.org> 2.8.1-1
* Release 2.8.1-1
Fix compile error when configured with --disable-payload
Force buffer emit with IPFIX Options record when inactive
2015-12-22 - Lawrence Rogers <lrr@cert.org> 2.8.0-1
* Release 2.8.0-1
Remove support for fixbuf releases prior to libfixbuf-1.7.0
PF_RING support
PF_RING ZC (Zero Copy) support
Add support for gzip'd PCAP files
Add support for decoding MPTCP headers and exporting MPTCP information
Add LUA configuration file for yaf startup
New SSL Server Name field export from TLS/SSL Client Hello
New option for exporting entire X.509 Certificate
Add Fragment flag to flowAttributes to signify that a flow contained fragmented packets
DHCP fingerprinting plugin now exports basic list of options by default
ipfixDump prints number of records for each template
Bug Fix for labeling DNS over TCP
Bug Fix for reverseFlowDeltaMilliseconds field
Bug Fix for collecting X.509 Certificates through a proxy
More detailed information about ignored packets on termination/SIGUSR1
2015-10-20 - Lawrence Rogers <lrr@cert.org> 2.7.1-3
* Release 2.7.1-3
New release built with libfixbuf 1.7.1.
2015-07-07 - Lawrence Rogers <lrr@cert.org> 2.7.1-2
* Release 2.7.1-2
New release built with libfixbuf 1.7.0
2015-01-27 - Lawrence Rogers <lrr@cert.org> 2.7.1-1
* Release 2.7.1-1
Fix a bug with --flow-stats in particular configurations
2015-01-07 - Lawrence Rogers <lrr@cert.org> 2.7.0-1
* Release 2.7.0-1
New Gh0st RAT Application Label
New NetBIOS Datagram Service Application Label
yafMeta2Pcap can now accept IPFIX input
getFlowKeyHash now exports IPFIX
Support for indexing PCAPNG files
New YAF option --no-output to produce no IPFIX output
New YAF options --hash and --stime to search for a single flow with the given hash and start time
DNS DPI now exports query section of resource record for all responses with nonzero RCODE
Faster searching of pcap-meta files
Implement SAME_SIZE flag for TCP flows
Minor Bug Fixes
2014-12-08 - Lawrence Rogers <lrr@cert.org> 2.6.0-4
* Release 2.6.0-4
New release built with libfixbuf 1.6.2
2014-10-15 - Lawrence Rogers <lrr@cert.org> 2.6.0-3
* Release 2.6.0-3
New release built with libfixbuf 1.6.1

See Also

Package Description
yaf-devel-2.10.0-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.10.0-2.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.8.4-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.9.0-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.9.1-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.9.2-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yaf-devel-2.9.3-1.fc25.x86_64.rpm Static libraries and C header files for yaf
yara-3.5.0-5.1.fc25.x86_64.rpm Pattern matching Swiss knife for malware researchers
yara-3.5.0-7.1.fc25.x86_64.rpm Pattern matching Swiss knife for malware researchers
yara-devel-3.5.0-5.1.fc25.x86_64.rpm Development files for yara
yara-devel-3.5.0-7.1.fc25.x86_64.rpm Development files for yara
yara-doc-3.5.0-5.1.fc25.noarch.rpm Documentation for yara
yara-doc-3.5.0-7.1.fc25.noarch.rpm Documentation for yara
yara-python-3.5.0-5.fc25.x86_64.rpm yara-python - Python extension that gives access to YARA from Python scripts
yara-python-3.5.0-7.1.fc25.x86_64.rpm yara-python - Python extension that gives access to YARA from Python scripts