apt-get install libpcap-dev
apt-get install automake
apt-get install automake-1.15
https://tools.netsa.cert.org/yaf/yafdpi.html
http://aircert.sourceforge.net/airframe/
Before compiling YAF, you need to compile and install the IPFIX library libfixbuf (https://tools.netsa.cert.org/fixbuf/download.html). You will need libglib2.0-dev to compile libfixbuf.
./configure
make
sudo make install
sudo ldconfig
Then you can download YAF (https://tools.netsa.cert.org/yaf/download.html), compile and install it. You will need libpcap-dev.
./configure --enable-plugins --enable-applabel --enable-entropy
make
sudo make install
sudo ldconfig
sudo yaf --plugin-name=/usr/local/lib/yaf/dpacketplugin.la --live=pcap --in=eth0 --max-payload=512 --applabel --out=../../data/yaf
Passive DNS capture
yaf --plugin-name=/usr/local/lib/yaf/dpacketplugin.la --rotate 300 --live=pcap --in=eth0 --plugin-opts="53 80 443 110 21" --max-payload=2048 --udp-uniflow=53 --applabel --out=../../data/yaf
Passive DNS capture (live yaf -> super_mediator)
yaf --plugin-name=/usr/local/lib/yaf/dpacketplugin.la --live=pcap --in=wlp4s0 --plugin-opts="53 80 443 110 21" --max-payload=2048 --udp-uniflow=53 --applabel --out=/dev/stdout | super_mediator --print-headers -i - -o - -m JSON | jq .
yafscii --in yaf --out - --tabular
super_mediator -i yaffile -o - -m TEXT
super_mediator -i yaf-20151206175818-00536.yaf -f 0,1,29,73 -o - -m TEXT
super_mediator -i yaf-20160328121250-00002.yaf -o - -m JSON
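The JSON stream that `super_mediator -m JSON` writes is what you would feed into a passive DNS store. Below is an added example (not part of these notes and not super_mediator's own code) that reads newline-delimited JSON records such as the live pipeline above produces, keeps only the records carrying a DNS answer, and aggregates them into a passive DNS table of (name, rrtype, rdata) with first seen, last seen and hit count, then lists names that resolved to more than one answer. The field names it reads (dnsQName, dnsQRType, dnsRRData, flowStartMilliseconds) and the sample records are assumptions constructed for illustration; check them against the keys your super_mediator build actually emits (for example with `jq 'keys'`) and adjust the accessors if they differ.

```python
"""Build a passive-DNS table from a stream of JSON flow records.

Added example; not part of the original notes and not super_mediator's code.
The key names below (dnsQName, dnsQRType, dnsRRData, flowStartMilliseconds)
are ASSUMED for illustration; verify them against your own JSON output.
"""
import json
from datetime import datetime, timezone

# Constructed sample stream: three DNS answers (one repeated), one non-DNS
# flow on port 80, and one garbage line. Timestamps match the file name
# yaf-20151206175818-... from the notes (2015-12-06 17:58:18 UTC).
SAMPLE_STREAM = """\
{"flowStartMilliseconds": 1449424698000, "sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "10.0.0.53", "dnsQName": "www.example.com.", "dnsQRType": 1, "dnsRRData": "93.184.216.34"}
{"flowStartMilliseconds": 1449424710000, "sourceIPv4Address": "10.0.0.7", "destinationIPv4Address": "10.0.0.53", "dnsQName": "www.example.com.", "dnsQRType": 1, "dnsRRData": "93.184.216.34"}
{"flowStartMilliseconds": 1449424720000, "sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "10.0.0.53", "dnsQName": "mail.example.com.", "dnsQRType": 5, "dnsRRData": "mx.example.net."}
{"flowStartMilliseconds": 1449424730000, "sourceIPv4Address": "10.0.0.9", "destinationIPv4Address": "10.0.0.53", "dnsQName": "www.example.com.", "dnsQRType": 1, "dnsRRData": "198.51.100.17"}
{"flowStartMilliseconds": 1449424731000, "sourceIPv4Address": "10.0.0.9", "destinationIPv4Address": "93.184.216.34", "destinationTransportPort": 80, "silkAppLabel": 80}
not json at all
"""

# DNS RR type codes to names (IANA registry values).
RRTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def parse_dns_records(stream):
    """Return only well-formed records that carry a DNS answer."""
    records = []
    for line in stream.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip garbage lines instead of dying mid-stream
        if not isinstance(rec, dict) or "dnsQName" not in rec or "dnsRRData" not in rec:
            continue  # non-DNS flow (e.g. the HTTP flow above) or a query without an answer
        records.append(rec)
    return records


def build_passive_dns(records):
    """Aggregate answers into (name, rrtype, rdata) -> first/last seen (ms) and count."""
    table = {}
    for rec in records:
        # Normalise case and trailing dot so the same name is not counted twice.
        name = rec["dnsQName"].lower().rstrip(".") + "."
        rrtype = RRTYPE_NAMES.get(rec.get("dnsQRType"), str(rec.get("dnsQRType")))
        key = (name, rrtype, rec["dnsRRData"])
        ts = int(rec["flowStartMilliseconds"])
        entry = table.setdefault(key, {"first_seen": ts, "last_seen": ts, "count": 0})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["count"] += 1
    return table


def names_with_multiple_answers(table):
    """Names that resolved to more than one distinct rdata for the same rrtype."""
    answers = {}
    for (name, rrtype, rdata) in table:
        answers.setdefault((name, rrtype), set()).add(rdata)
    return {k: sorted(v) for k, v in answers.items() if len(v) > 1}


def iso(ms):
    """Milliseconds since the epoch -> ISO 8601 UTC string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    import sys
    # Read the super_mediator JSON stream from stdin, or fall back to the sample.
    stream = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_STREAM
    table = build_passive_dns(parse_dns_records(stream))
    for (name, rrtype, rdata), e in sorted(table.items()):
        print(f"{name}\t{rrtype}\t{rdata}\t{iso(e['first_seen'])}\t{iso(e['last_seen'])}\t{e['count']}")
    for (name, rrtype), rdatas in names_with_multiple_answers(table).items():
        print(f"# {name} {rrtype} has {len(rdatas)} distinct answers: {', '.join(rdatas)}")
```

To use it against the live pipeline from the notes, replace the trailing `| jq .` with `| python3 passive_dns.py` (script name assumed); the tab-separated output is a minimal passive DNS table, and the trailing `#` lines point at names whose answers changed during the capture window, which is usually the first thing an analyst wants to see.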