News archive
Tranalyzer2 Cobra version 0.9.4lmw1 is out!
Downloads
- Source code: tranalyzer-0.9.4lmw1.tar.gz
- Docker: tranalyzer-0.9.4lmw1-ubuntu.tar.gz
ChangeLog for 0.9.4lmw1
- tranalyzer2:
  - Added `MONITORING_LAST` configuration flag to only keep last entry in monitoring file (`-m` option)
  - New macros:
  - Improved monitoring mode:
    - Fixed ns/us timestamps in core and monitoring mode
    - `-M` option now also valid for pcap time base option `MONINTTMPCP`
    - More precision for pcap time base option `MONINTTMPCP`
  - Faster, larger but less memory intensive subnet files, new format ver 6. NOTE: NOT backward compatible with earlier versions
  - Improved faster search algorithm for subnet files and tor info
  - Removed bug in `-R`/`-D` option, in ns mode (Thanks to the guys at University Twente)
  - Fixed `LAPD_OVER_UDP` dissection
  - Code cleanup
  - Various fixes and improvements
- basicFlow:
  - Fixed ASN output
  - More details in packet mode
- basicStats:
  - Improved packet mode
- tcpFlags:
  - Fixed [JA4T/JA4TS](https://github.com/FoxIO-LLC/ja4) signatures, various fixes and improvements
- connStat:
  - Fixed `FP_LOG` macros for subnet aggregation mode
- bgpDecode:
  - Used `HDR_CHR` and `SEP_CHR` in output files
- dnsDecode:
  - Updated new source for maldomain.txt, format change. NOTE: NOT backward compatible with earlier versions
- sslDecode:
  - Added support for JA4X fingerprints and certificate reassembly (thanks Etienne for the patch!)
  - Updated sslblacklist.[ct]sv
- voipDetector:
  - Now decodes every SIP flow
  - Added more detailed call info in flow and packet mode
  - Improved SIP / RTP flow correlation
  - Added more config options
- regexHyperscan:
  - Added usage if filename argument or file does not exist
- t2utils.h:
  - Introduced `MIN4()` and `MAX4()` macros
- gt2whois:
  - GTK 4 graphical user interface to t2whois
- New plugins:
  - entropyFSeg
  - entropySeg
Tranalyzer2 Cobra version 0.9.3lmw3 is out!
ChangeLog for 0.9.3lmw3
- bgpDecode:
  - Renamed `Packet`/`flowIndex`/`Timestamp` to `pktNo`/`flowInd`/`time` in output files
- httpSniffer:
  - Added antivirus information
- mndpDecode:
  - Removed `MNDP_SAVE` configuration flag (exact same output as packet mode)
- ospfDecode:
  - Renamed `NumPkts` to `pktNo` in output files
- sslDecode:
  - Added support for QUIC
  - Fixed JA4/JA4S computation for special cases (no signature algorithms, …)
  - Updated sslblacklist.[ct]sv
  - Updated JA4/JA4S fingerprints
  - Various fixes and improvements
- tcpFlags:
  - Renamed `tcpInitWinSz_tcpSSAOpts_tcpMSS_tcpWS` to `tcpJA4T` (JA4T/JA4TS)
  - Improved and extended counting of flags and flags combinations
  - Various fixes and improvements
- vrrpDecode:
  - Renamed `flowIndex` to `flowInd` in `vrrp.txt` file
- t2conf:
  - Various fixes and improvements
- t2py:
  - Various fixes and improvements
- t2test:
  - Various fixes and improvements
- t2utils.sh:
  - Added tests
  - Added `$PYTHON` variable
- New plugins:
  - centrality
  - dfft
  - gquicDecode
  - gsmDecode
  - liveXtr
  - quicDecode
  - regexHyperscan
  - regex_re2
  - telegram
  - wechatDecode
Tranalyzer2 Cobra version 0.9.3lmw2 is out!
ChangeLog for 0.9.3lmw2
- tranalyzer2:
- sslDecode:
  - Updated SSL blacklist
- voipDetector:
  - Improved SIP detection resilience
  - Extended output regarding SIP methods
  - Renamed output columns (changed prefix from `voip` to `{sip,sdp,rtp,rtcp}`)
  - Various fixes and improvements
- tawk:
  - `shark`:
    - Various fixes and improvements
- t2conf:
  - Various fixes and improvements
- New plugin:
  - covertChannels