yaf - Yet Another Flow sensor

License: GPL
YAF is Yet Another Flow sensor. It processes packet data from pcap(3) dumpfiles
as generated by tcpdump(1) or via live capture from an interface using pcap(3)
or an Endace DAG card into bidirectional flows, then exports those flows to
IPFIX Collecting Processes or in an IPFIX-based file format. YAF's output can
be used with the NetSA Aggregated Flow (NAF) toolchain.


yaf-3.0.0.alpha3-1.el7.x86_64 [805 KiB] Changelog by Lawrence R. Rogers (2023-07-18):
* Release 3.0.0.alpha3-1
	Changed DNS deep packet inspection to produce names and text records with escape codes for special characters (non-ASCII, non-printable, special whitespace, and label-internal dots in names).
	Made DNS deep packet inspection more strict about parsing malformed DNS Resource Records across RR boundaries within the packet.
	Enhanced the --time and --etime options of yafMeta2Pcap to accept a human-readable timestamp in addition to milliseconds.
	Changed the destination of --version output to the standard output.
	Changed yaf to only export the fingerprint-related elements (firstPacketBanner, etc) when the --fpexport option is given. (Requires YAF to be built with --enable-fpexporter.)
	Changed yaf to only export the p0f-related elements (osName, etc) when the --p0fprint option is given. (Requires YAF to be built with --with-p0f.)
	Fixed a crash in YAF that occurs when it is built with GLib 2.75.3 or newer.
yaf-3.0.0.alpha2-1.el7.x86_64 [799 KiB] Changelog by Lawrence R. Rogers (2023-02-09):
* Release 3.0.0.alpha2-1
	Enhanced the deep packet inspection capabilities for SSH connections to include negotiated algorithms and HASSH hash.
	Added the JA3 hash to the DPI for TLS connections.
	Made several changes to the yafDPIRules.conf file for applabels written as C plugins:
		Allow the user to disable the export of arbitrary DPI elements and SMTP headers.
		Allow a protocol to be specified.
		Moved the regex definitions from C to yafDPIRules.conf.
	Increased the maximum payload that YAF may capture for performing DPI.
	Fixed a potential bug in the Shannon entropy calculation that may cause small differences in calculated values.
yaf-3.0.0.alpha1-1.el7.x86_64 [776 KiB] Changelog by Lawrence R. Rogers (2022-02-28):
* Release 3.0.0.alpha1-1

	Merged the configuration files yafApplabelRules.conf and yafDPIRules.conf into a single
		file written in Lua. Previous versions of those files will not work with this version of yaf.
	Changed Deep Packet Inspection (DPI) support to be compiled into yaf when requested
		by configure; it is no longer a plug-in. Run configure with --enable-dpi to enable the
		capability; run yaf with --dpi to use it. Specifying --dpi enables application labeling;
		it is no longer necessary to explicitly specify --applabel when enabling DPI.
	Changed yaf to export metadata about information elements and templates by default:
		both as compile-time and run-time options. To disable on an invocation, run yaf with
		the --no-element-metadata and/or --no-template-metadata switches. To disable support
		entirely, pass --disable-metadata-export to configure. (Note that super_mediator-2.0.0
		works best with template metadata enabled.)
	Updated yaf to use the enhanced template metadata available in libfixbuf-3.0.0. This
		allows yaf to declare that it only uses some templates within sub-records (that is,
		within a subTemplateList or subTemplateMultiList). The metadata also describes the
		information element yaf uses in its basicLists.
	Added the yaf command line option --payload-applabel-select to enable exporting payload data for only selected appLabel values.
	Updated the regular expressions used for application-labeling.
	Changed numerous aspects of the DPI data.
	Updated, rearranged, and fixed bugs in SMTP DPI.
	Added fields for more DNSSEC values and fixed other bugs in DNS DPI.
	Renamed the configure option --enable-p0fprinter to --with-p0f.
	Renamed the configure option --enable-ndpi to --with-ndpi.
	Fixed bugs in POP3 DPI.
	Removed support for the Spread toolkit.
	Removed support for the popt options parser.
	Updated fixbuf requirement to libfixbuf-3.0.0.
