AirDBC 0.2.4, 2009-May-21

AirDBC is the AirCERT Database Connectivity abstraction layer for access to multiple RDBMS backends in C. It provides the database API used by CERT NetSA applications.

The AirDBC library is no longer a separate project, and now comes pre-packaged with projects that use it.

(SHA256=75b8deee4946c42f1dad6d8a48b8c2df6a094a3ee52a552f5e2bbe7d6a7463c6)

airframe 0.7.2, 2008-Jan-19

Airframe is an application utility library designed to ease the creation of command-line applications written in C that process data from a variety of input sources to a variety of output sources. It builds atop the fundamental data structures and utilities in glib 2.0, adding higher-level functionality.

The Airframe library is no longer a separate project, and now comes pre-packaged with projects that use it.

(SHA256=dc4ee934d973464b87372fc006e26a444ff5e7139321d573c8daab7725c73bbd)

Live CD

There are two Live CD images available. They both contain SiLK software and reference data. The SiLK 2.4.2 LiveCD also contains yaf, including configuration and start-up files that allow the booted image to function as a stand-alone flow collector.

On the 2.4.2 LiveCD, you are logged in automatically after boot. To start the flow collector, su to root and run "service rwflowpack start" followed by "service yaf start"; this begins collecting flow data on the main wired Ethernet interface. To examine the reference data instead of collected data, issue "export SILK_DATA_ROOTDIR=/data/SiLK-LBNL-05" before using the SiLK tools.

SiLK 2.4.2 LiveCD (Fedora 14)

(SHA256=5a30aa6b769aff31d8175cd804c83d5b85bb9cf61bbc5af244c469aa07be041e)

SiLK 1.1.9 LiveCD (Fedora 10)

(SHA256=14599813f947e27efff3db8d6bc67d7ad638435228c72da63e567132e3e5b06f)

The reference data is derived from LBNL-05 packet trace data, and it is also available as a separate download.

New SiLK LiveCD images are no longer being produced.

NAF 0.6.0, 2007-May-17

NAF is the NetSA Aggregated Flow toolchain. The NAF tools create and manipulate the IPFIX-based NAF file format, designed as a common format for aggregate network flow analysis. The most important difference between aggregate and raw flows is that the NAF format splits and aggregates flows into constant-size time bins. Information about the exact start time of each flow, and flow duration, is lost.

The NAF toolchain is no longer under active development.

(SHA256=78acff7eab3a77a8bc0f6892f423c595c047a72e202eb16bf312f78c2053ed93)

p0f fingerprints 2012032901


The CERT p0f fingerprint database is an update to the original SYN fingerprint database (p0f.fp) included with p0f version 2.0.8. (This project is no longer under active development.)

Portal 0.9

The NetSA Security Portal is a modular, extensible web interface to network monitoring information. It provides a simple way to present network data and analysis results from YAF, SiLK and RAVE to end-users such as system administrators or NOC personnel. (This project is no longer under active development.)

RAVE 1.9.16

The Retrospective Analysis and Visualization Engine (RAVE) is an extensible analysis middleware platform based on Python that simplifies the task of building analysis environments on top of a network monitoring and collection infrastructure. (This project is no longer under active development.)