yaf - Yet Another Flow sensor
YAF is Yet Another Flow sensor. It processes packet data from pcap(3) dumpfiles as generated by tcpdump(1) or via live capture from an interface using pcap(3) or an Endace DAG card into bidirectional flows, then exports those flows to IPFIX Collecting Processes or in an IPFIX-based file format. YAF's output can be used with the NetSA Aggregated Flow (NAF) toolchain.
yaf-2.12.2-1.amzn2.x86_64 [861 KiB]
by Lawrence R. Rogers (2021-10-14):
* Release 2.12.2-1 Added new protocols to the yafAppLabelRules.conf file and updated several regular expressions. Changed the regexes used by the SMTP DPI plugin and improved capture when multiple messages appear in a single SMTP session. Fixed a crash in the SMTP DPI plugin when reading uniflow records. Updated the POP3 DPI plugin. Updated yafzcbalance to be compatible with PF_Ring-8.