YAF Release 2.4.0, 2013-May-3

Downloads

yaf-2.4.0.tar.gz (1.3MiB)

(MD5=27a3c5bc7f45da67f1d395e969232824)

(SHA1=0c5efb5543e61d0acd91b7e2b028d8f6d3497ae8)

Notes

New HTTP DPI Fields
Updated DPI Elements
Bug Fix to not replace yaf.conf on install
New application label: VMware server console
Added support to decode ERSPAN headers
Drop statistics are updated when statistics messages are exported
yafcollect bug fix
Other Bug Fixes

YAF Release 2.3.3, 2013-Jan-30

Downloads

yaf-2.3.3.tar.gz (1.3MiB)

(MD5=45a08384bfe43d62101fc0b9d4d85ceb)

(SHA1=c97ace1ba4d0887cbe0d0e5b9bf5549af2eb12b4)

Notes

init.d script improvements
Allow yafmeta2pcap to accept multiple files
Report drop statistics on SigUsr1
Bug Fixes

YAF Release 2.3.2, 2012-Sep-14

Downloads

yaf-2.3.2.tar.gz (1.3MiB)

(MD5=2f69d03ec267fff15294d3b46eda6d6a)

(SHA1=649382ab3c8b44bdcadbff00b4199174bdd2ca21)

Notes

Bug Fix to maintain compatibility with older versions of GLib and libpcap

YAF Release 2.3.1, 2012-Sep-10

Downloads

yaf-2.3.1.tar.gz (1.3MiB)

(MD5=e5aedbea94ccfa8dee94c529963763c5)

(SHA1=d05b477c5dd96801d2fdcd6a00a7ae73023ffa6e)

Notes

DPI Improvements
Additional Pcap Export Option --index-pcap
Add option to manually set ingress/egress interface fields
Add tool to create pcap from pcap metafile
Bug Fixes

YAF Release 2.3.0, 2012-Jul-31

Downloads

yaf-2.3.0.tar.gz (1.3MiB)

(MD5=840836a94d07e00c4e3cedbbda318c9d)

(SHA1=3a103b958b0b60dbd4ca06a34c6b3ce512b70660)

Notes

Added DHCP Fingerprinting Capability
Added ability to export DNSSEC information
Significant X.509 Certificate Capture and Export Enhancements
Added Bivio Interface Labeling
DPI Improvements
Added Enhanced Flow Attributes and Statistics Export
Added ability to index PCAP file
Added New Application Labels: MGCP, MEGACO
Bug Fixes

YAF Release 2.2.2, 2012-Mar-30

Downloads

yaf-2.2.2.tar.gz (1.3MiB)

(MD5=033658f3b04ae67573414e805d84a7cf)

(SHA1=03ea518d322d3ce76f312a71e5e444eb5a6a7273)

Notes

Bug Fix for Vlan Tagging

YAF Release 2.2.1, 2012-Mar-8

Downloads

yaf-2.2.1.tar.gz (1.3MiB)

(MD5=69a84be4240a776b90a8a1e277724330)

(SHA1=4167adb8b0c8483c8f52e20a9a64b3be886a3a8c)

Notes

Bug Fixes

YAF Release 2.2.0, 2012-Feb-29

Downloads

yaf-2.2.0.tar.gz (1.3MiB)

(MD5=1d6c295af9689c1f0afb0648a51e1638)

(SHA1=b0a6454eb09cb80848f29fc42f9a004f6f76f31a)

Notes

New Application Labels (MSNP, RTP, RTCP, Jabber)
Rolling Pcap output and pcap-per-flow options.
CERT p0f Fingerprints included.
New option to process out-of-sequence flows.
Several other bug fixes.

YAF Release 2.1.2, 2011-Sep-23

Downloads

yaf-2.1.2.tar.gz (1.2MiB)

(MD5=77ab8927db0cb28965d70dbceb65a1f4)

(SHA1=3b04391c884d32d9bb0a5d38884e2a21fd0ff7ca)

Notes

Added new --plugin-conf switch for adding a configuration file to a plugin
Added new --p0f-fingerprints switch to give location of p0f fingerprint files
Bug Fixes

YAF Release 2.1.1, 2011-Aug-11

Downloads

yaf-2.1.1.tar.gz (1.2MiB)

(MD5=38327263db66231b821bc7b043839459)

(SHA1=2c5c16569176103ac361ebd932a03ec742544ee0)

Notes

Important bug fix for application labeling SSL plugin

YAF Release 2.1.0, 2011-Jul-27

Downloads

yaf-2.1.0.tar.gz (1.2MiB)

(MD5=db26850db82f6bd0cb83c2ad76093242)

(SHA1=7c7909c261ad8c99a188b30df49d4019ccb25702)

Notes

New Information Element exported in every flow record, flowAttributes (CERT PEN 6871, IE 40).
YAF now checks if a flow has fixed-size packets and exports this flag using the new flowAttributes Information Element (see yaf)
Reset Application Label on UDP-uniflows for Deep Packet Inspection
Fixed yafscii invalid parameter bug that may have existed on certain platforms
Added VNC (RFB Protocol) application label
DPI Enhancements
FlowEndReason IPFIX field is now set to 31 for udp-uniflows
For Cygwin: Added support for getting the yaf config directory via the Windows Registry
Several other bug fixes

YAF Release 2.0.2, 2011-Jun-13

Downloads

yaf-2.0.2.tar.gz (1.2MiB)

(MD5=eeba137f18b42ae170884eefc30668db)

(SHA1=ff4318189835f050a040c799798a5e1714766dd0)

Notes

Improvements with Reassembly of TCP Fragments.
Bug Fix for DNS Deep Packet Inspection.
--no-frag switch now works.
Bug Fix for expiring flows that exceed the idle timeout when reading from a file.
Added the ability to configure YAF with WinPCAP.

YAF Release 2.0.1, 2011-May-23

Downloads

yaf-2.0.1.tar.gz (1.2MiB)

(MD5=57a9fe9579c614d0ebc42c27522b30cd)

(SHA1=6724749533ab44b53afde3d5466599544ce43018)

Notes

Bug Fix for compile error with --enable-daginterface
Enhancement for SNMPv3 application labeler

YAF Release 2.0.0, 2011-Apr-28

Downloads

yaf-2.0.0.tar.gz (1.2MiB)

(MD5=ebbe7206d9ebe2fa9683119aee44f11d)

(SHA1=c4daea3fff94fb8520fa4dd61ad6a5ac3bbb8b6c)

Notes

This version requires libfixbuf-1.0.0 or greater.
Added Napatech Adapter Integration (requires libpcapexpress).
YAF now exports TCP, payload, finger printing, p0f, MAC, entropy, and DPI flow information within an IPFIX subTemplateMultiList data type.
Added the ability to export YAF capture statistics using IPFIX Options Templates.
The --stats or --no-stats were added to configure YAF stats output.
Added the ability to define Spread group types to use Spread as a manifold for flow export based on application, port, protocol, version, or vlan.
Added New Application Labels: DHCP, AIM, SOCKS, SMB, SNMP, NETBIOS.
Added a time-out buffer flush function.
Added SSL Certificate Capture.
Added DNS Resource Record Parsing.
Added Deep Packet Inspection for the MySQL protocol.
The --silk switch will maintain compatibility with SiLK by not nesting TCP information in the subTemplateMultiList data type.
Deep Packet Inspection elements are read from one configuration file.
Added the ability to create new DPI elements from configuration file.
Added UDP Export and Template Retransmission.
Many Bug fixes and other enhancements.

YAF Release 1.3.2, 2011-Feb-3

Downloads

yaf-1.3.2.tar.gz (1.2MiB)

(MD5=e69355d28703eb54a6aa095152cd98d8)

(SHA1=442de2614feb6d6dd4da86f7d4598d6913fd0141)

Notes

Bug fix for dnsplugin.c
Minor bug fix for fingerprint exporting.

YAF Release 1.3.1, 2010-Oct-6

Downloads

yaf-1.3.1.tar.gz (1.2MiB)

(MD5=cf7602056d8eaa157f5a53f77d193761)

(SHA1=d2af7e8bf95698bb46487ca0829573b14b529fcf)

Notes

Important bug fix for p0f or fpexport enabled code.
Fixed bug in DNS Application Labeling Decoder.
Removed machine learning code for future work.

YAF Release 1.3.0, 2010-Sep-20

Notes

Vlan tags are now a part of the flow key.
Vlan tags are now always exported.
--mac flag exports MAC addresses.
Fixed bug in DNS Application Labeling Decoder.
Fixed bug in libp0f Makefile.
Added --print-header switch to yafscii for use with tabular mode to print column headers.
Added --mac switch to yafscii to support printing of MAC addresses in tabular mode.

YAF Release 1.2.0, 2010-Jul-27

Notes

Spread support has been added into libfixbuf and YAF to allow publish subscribe distribution of YAF sensor output.
Plugin support has returned to YAF to support basic deep packet inspection (DPI) and application labeling (see yafdpi ).
Added 9 new protocols to the application labeling feature (see applabel).
Added ability for signature detection through the application labeling mechanism.
Added --udp-uniflow switch to capture each UDP packet on a set port and export the payload (for DNS dissector creation).
Added --udp-payload to concatenate and export payload up to the max-payload value.
DNS DPI can be restricted to Authoritative and NXDomain responses only via compile switches.
Enhanced payload capture for TCP streams with out-of-order SYN packets.
Fixed a bug in processing small (less than 64-packets) PCAP files.
Fixed IPv6 header options bug.
Fixed bug in parsing capability for strings longer than 80 columns.
Added p0f passive OS labeling capability from community libp0f.
Added Berkley Packet Filtering (BPF) switch --filter.

YAF Release 1.0.0.2, 2009-Mar-18

Notes

Fix to the --rotate switch so that it actually works.
Added the --noerror switch so that when a caplist set of PCAP files are processed, all files will be attempted even if there is a malformed PCAP in the middle of the list.
Added the --dag-interface switch (along with configure option --enable-daginterfaces) that will record the physical interface a packet arrived on in the flow table.

YAF Release 1.0.0, 2008-Sep-9

Notes

Airframe has now been merged into YAF and does not need to be separately installed.
Fixes to the configure system to allow external pcap libraries, (Bivio, nPulse, DAG) have been fixed.
multithreading in the future.

YAF Release 0.8.0, 2008-Jan-18

Notes

Add experimental packet classifier support to YAF.
Experimental plugin support has been removed.

YAF Release 0.7.2, 2007-Nov-30

Notes

Add experimental YAF plugin support.

YAF Release 0.7.1, 2007-Aug-29

Notes

Add ability to decode PPP and PPPoE headers.
Add experimental startup script in etc/.
Fix --lock option bug; change --rotate file naming to minimize collision.

YAF Release 0.7.0, 2007-Aug-15

Notes

Complete rewrite of YAF's main loop for simplicity and performance. Input and output command-line configuration options have changed, and some features are no longer available; see the yaf(1) manpage for details.
Complete rewrite of the packet decoder and fragment reassembler for IPv6 flow assembly and for future flexibility.
Add ability to decode IPv6 headers and create IPv6 flows.

YAF Release 0.6.0, 2007-May-17

Notes

Add tabular output to yafscii.
Add ability to decode IP over C-HDLC and GRE.
Update to fixbuf 0.6.0 API.
Add ability to export via IPFIX over TLS and IPFIX over SCTP.
Various bugfixes.

YAF Release 0.5.0, 2006-Sep-29

Notes

Add Endace DAG capture support.
Add ability to drop privileges during live capture.
Add ability to decode (but not export) MPLS information.
Update to fixbuf 0.5.0 API.
Numerous internal performance and reliability enhancements.

YAF Release 0.1.6, 2006-Jul-7

Notes

Add ability to process pcap trace files (those containing headers only, and not full packet payload).
Add ability to decode 802.1q VLAN headers, and to export VLAN tags.
Fix bugs in yafscii I/O handling that led to instability on close.