ChangeLog for Tranalyzer2 version 0.9.4lmw1 (July 2025) * tranalyzer2: * Added MONITORING_LAST configuration flag to only keep last entry in monitoring file (-m option) * New macros: * OUTBUF_APPEND_STR_OR_EMPTY() * OUTBUF_APPEND_STR_AND_FREE_FUNC() * OUTBUF_APPEND_ARRAY_STR_AND_FREE_FUNC() * Improved monitoring mode: * Fixed ns/us timestamps in core and monitoring mode * -M option now also valid for pcap time base option MONINTTMPCP * More precision for pcap time base option MONINTTMPCP * Faster, larger but less memory intensive subnet files, new format ver 6 NOTE: NOT backward compatible with earlier versions * Improved faster search algorithm for subnet files and tor info * Removed bug in -R/-D option, in ns mode (Thanks to the guys at University Twente) * Fix LAPD_OVER_UDP dissection * Code cleanup * Various fixes and improvements * basicFlow: * Fixed ASN output * More details in packet mode * basicStats: * Improved packet mode * tcpFlags: * Fixed JA4T/JA4TS signatures, various fixes and improvements * connStat: * Fixed FP_LOG macros for subnet aggregation mode * bgpDecode: * Used HDR_CHR and SEP_CHR in output files * dnsDecode: * Updated new source for maldomain.txt, format change NOTE: NOT backward compatible with earlier versions * sslDecode: * Added support for JA4X fingerprints and certificate reassembly (thanks Etienne for the patch!) * Updated sslblacklist.[ct]sv * voipDetector: * Now decodes every SIP flow * Added more detailed call info in flow and packet mode * Improved SIP / RTP flow correlation * Added config more options * regexHyperscan: * Added usage if filename argument or file does not exist * t2utils.h: * Introduced MIN4() and MAX4() macros * gt2whois: * GTK 4 graphical user interface to t2whois * New plugins: * entropyFSeg * entropySeg