YAF is flowmeter software: a simple yet powerful tool for measuring network traffic flows.
One of the notable features of YAF is its support for partial payload capture. This feature is meant for use in "banner grabbing" for protocol verification and service presence detection. However, it is still experimental at this stage.
Some may ask why the world needs another flowmeter software; YAF is intended as an experimental implementation tracking developments in the IETF IPFIX working group. YAF is designed to perform acceptably as a flow sensor on any network, but tradeoffs between raw performance and clarity of design have been made in favor of the latter.
The YAF toolchain presently consists of two tools: yaf itself, and yafscii, which converts yaf output into ASCII format. Building YAF requires several libraries such as glib, libairframe, libfixbuf version 0.7.0 or later, and libpcap. In addition, Endace DAG live input support requires libdag. The YAF application labeling functionality requires PCRE, the Perl Compatible Regular Expressions library.
The YAF applications also require the included libyaf library, which implements YAF file and network I/O, packet decoding, fragment assembly, and flow generation. YAF uses a standard autotools-based build system.
YAF has some known issues: it cannot interoperate with previous versions, and it uses a nonstandard information element for ICMP type and code information in ICMP or ICMP6 flows.
Overall, YAF is useful software for experimental implementation and network flow analysis. It is well designed, performs acceptably, and can be used with other flow analysis tools.
Version 0.8.1: N/A