The latest releases of YAF 2.x are listed below.

See also pre-releases of YAF 3.x and all YAF releases.

YAF Binary Package

On a Red Hat, Fedora, or RPM-based host, the easiest way to install YAF is using the CERT Linux Forensics Tools Repository.

Follow their instructions to add the Tools Repository to the locations your system searches for packages, then use yum to find the YAF package; yum will install its dependencies.

Another approach is to download the YAF package from their site and install YAF and its dependencies manually.

YAF Release 2.15.0, 2023-Dec-21

Downloads

(SHA256=3743d2f7b9bac3ac2ee2017dc26f6d7c5775dfdf95062ef7fa29c8c793e9472f)

Changelog

  • Enhanced the deep packet inspection capabilities for SSH connections to include negotiated algorithms and HASSH hash.
  • Added the JA3 hash to the DPI for TLS connections.
  • Added support for reading VxLAN-encapsulated packets, Geneve-encapsulated packets, and Geneve-encapsulated VxLAN-encapsulated packets.
  • Fixed TLS certificate parsing to be more selective on which values are stored in the list of sslObjectType-sslObjectValue pairs.
  • Fixed a potential bug in the Shannon entropy calculation that may cause small differences in calculated values.

YAF Release 2.14.0, 2023-Mar-23

Downloads

(SHA256=cf9e40428690387de7db78e27981c47b72664e4129a6b348ed19ea831f2ee019)

Changelog

  • Changed DNS deep packet inspection to produce names and text records with escape codes for special characters (non-ASCII, non-printable, special whitespace, and label-internal dots in names).
  • Made DNS deep packet inspection more strict about parsing malformed DNS Resource Records across RR boundaries within the packet.
  • Changed destination of --version output to the standard output.
  • Fixed a crash in YAF that occurs when it is built with GLib 2.75.3 or newer.

YAF Release 2.13.0, 2023-Feb-9

Downloads

(SHA256=a4c0a7cec4b3e78cde7a9bcd051e3e6bcb88c671494745ac506f1843756a61a3)

Changelog

  • Added ability for yaf to limit payload export to a named set of applabels.
  • Increased the maximum payload that YAF may capture for performing DPI.
  • Added support for recent releases of nDPI.
  • Added yaf.init to the list of installed files.
  • Stopped export of full flow template that is never used for data records.
  • Fixed minor bug in --version where Compact IPv4 support always reported NO.
  • Fixed bugs in regular expressions for nntpResponseRegex and smtpURLRegex.

YAF Release 2.12.2, 2021-Oct-14

Downloads

(SHA256=0f3634887b68c695c80472ed17f3a2ebfbf86f841d23a2d48534afc8b637afcb)

Changelog

  • Added new protocols to the yafAppLabelRules.conf file and updated several regular expressions.
  • Changed the regexes used by the SMTP DPI plugin and improved capture when multiple messages appear in a single SMTP session.
  • Fixed a crash in the SMTP DPI plugin when reading uniflow records.
  • Updated the POP3 DPI plugin.
  • Updated yafzcbalance to be compatible with PF_Ring-8.