yaf - Yet Another Flow sensor

License: GPL

YAF is Yet Another Flow sensor. It processes packet data, read from pcap(3)
dumpfiles as generated by tcpdump(1) or captured live from an interface using
pcap(3) or an Endace DAG card, into bidirectional flows, then exports those
flows to IPFIX Collecting Processes or in an IPFIX-based file format. YAF's
output can be used with the NetSA Aggregated Flow (NAF) toolchain.


yaf-3.0.0.alpha2-1.fc35.src [1.8 MiB] Changelog by Lawrence R. Rogers (2023-02-09):
* Release 3.0.0.alpha2-1
	Enhanced the deep packet inspection capabilities for SSH connections to include negotiated algorithms and HASSH hash.
	Added the JA3 hash to the DPI for TLS connections.
	Made several changes to the yafDPIRules.conf file for applabels written as C plugins: Allow the user to disable the export of arbitrary DPI elements and SMTP headers.
		Allow a protocol to be specified. Moved the regex definitions from C to yafDPIRules.conf.
	Increased the maximum payload that YAF may capture for performing DPI.
	Fixed a potential bug in the Shannon entropy calculation that may cause small differences in calculated values.
yaf-3.0.0.alpha1-1.fc35.src [1.8 MiB] Changelog by Lawrence R. Rogers (2022-02-28):
* Release 3.0.0.alpha1-1

	Merged the configuration files yafApplabelRules.conf and yafDPIRules.conf into a single
		file written in Lua. Previous versions of those files will not work with this version of yaf.
	Changed Deep Packet Inspection (DPI) support to be compiled into yaf when requested
		by configure; it is no longer a plug-in. Run configure with --enable-dpi to enable the
		capability; run yaf with --dpi to use it. Specifying --dpi enables application labeling;
		it is no longer necessary to explicitly specify --applabel when enabling DPI.
	Changed yaf to export metadata about information elements and templates by default:
		both as compile-time and run-time options. To disable on an invocation, run yaf with
		the --no-element-metadata and/or --no-template-metadata switches. To disable support
		entirely, pass --disable-metadata-export to configure. (Note that super_mediator-2.0.0
		works best with template metadata enabled.)
	Updated yaf to use the enhanced template metadata available in libfixbuf-3.0.0. This
		allows yaf to declare that it only uses some templates within sub-records (that is,
		within a subTemplateList or subTemplateMultiList). The metadata also describes the
		information element yaf uses in its basicLists.
	Added the yaf command line option --payload-applabel-select to enable exporting payload data for only selected appLabel values.
	Updated the regular expressions used for application-labeling.
	Changed numerous aspects of the DPI data.
	Updated, rearranged, and fixed bugs in SMTP DPI.
	Added fields for more DNSSEC values and fixed other bugs in DNS DPI.
	Renamed the configure option --enable-p0fprinter to --with-p0f.
	Renamed the configure option --enable-ndpi to --with-ndpi.
	Fixed bugs in POP3 DPI.
	Removed support for the Spread toolkit.
	Removed support for the popt options parser.
	Updated fixbuf requirement to libfixbuf-3.0.0.
