CERT NetSA Security Suite
Open Source Tools for Network Monitoring
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0

Monitoring for Large-Scale Networks

The Network Situational Awareness group at CERT (CERT/NetSA) has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform.

YAF - Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF's output can be used with the NetSA Aggregated Flow (NAF) toolchain and the SiLK tools.

NAF - The NetSA Aggregated Flow (NAF) tools create and manipulate the IPFIX-based NAF file format, designed as a common format for aggregate network flow analysis.

fixbuf - The fixbuf library provides a set of functions for processing the IPFIX protocol message format. Using fixbuf, developers can build IPFIX Collecting and Exporting Processes.

AirDBC - AirDBC is the AirCERT Database Connectivity abstraction layer for access to multiple RDBMS backends in C. It provides the database API used by CERT NetSA applications.

SiLK - The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.

Portal - The NetSA Security Portal is a modular, extensible web interface to network monitoring information. It provides a simple way to present network data and analysis results from YAF, NAF, SiLK and RAVE to end-users such as system administrators or NOC personnel.

RAVE - The Retrospective Analysis and Visualization Engine (RAVE) is an extensible analysis middleware platform based on Python that simplifies the task of building analysis environments on top of a network monitoring and collection infrastructure.

IPA - The IP Address Association library provides efficient data structures for manipulating labelings of IP addresses and IP address ranges.

Airframe - Airframe is an application utility library built on GLib, designed to ease the creation of command-line network data processing applications written in C. It is the mechanism by which the NAF tools share a common interface.

Legacy AirCERT code is still available from http://aircert.sourceforge.net.