Downloads

ChangeLog for 0.9.3lmw3

• bgpDecode:
  • Renamed Packet/flowIndex/Timestamp to pktNo/flowInd/time in output files
• httpSniffer:
  • Added antivirus information
• mndpDecode:
  • Removed MNDP_SAVE configuration flag (exact same output as packet mode)
• ospfDecode:
  • Renamed NumPkts to pktNo in output files
• sslDecode:
  • Added support for QUIC
  • Fixed JA4/JA4S computation for special cases (no signature algorithms, …)
  • Updated sslblacklist.[ct]sv
  • Updated JA4/JA4S fingerprints
  • Various fixes and improvements
• tcpFlags:
  • Renamed tcpInitWinSz_tcpSSAOpts_tcpMSS_tcpWS to tcpJA4T (JA4T/JA4TS)
  • Improved and extended counting of flags and flags combinations
  • Various fixes and improvements
• vrrpDecode:
  • Renamed flowIndex to flowInd in vrrp.txt file
• t2conf:
  • Various fixes and improvements
• t2py:
  • Various fixes and improvements
• t2test:
  • Various fixes and improvements
• t2utils.sh:
  • Added tests
  • Added $PYTHON variable
• New plugins:
  • centrality
  • dfft
  • gquicDecode
  • gsmDecode
  • liveXtr
  • quicDecode
  • regexHyperscan
  • regex_re2
  • telegram
  • wechatDecode

ChangeLog for 0.9.3lmw2

• tranalyzer2:
  • New macros:
    • FLOW_DIR_C_A, FLOW_DIR_C_B
    • FLOW_DIR_S_A, FLOW_DIR_S_B
    • FLOW_DIR_C(), FLOW_DIR_S()
    • OUTBUF_APPEND_IPV(), OUTBUF_APPEND_ARRAY_IPV()
    • OUTBUF_APPEND_ARRAY_IPVX()
• sslDecode:
  • Updated SSL blacklist
• voipDetector:
  • Improved SIP detection resilience
  • Extended output regarding SIP methods
  • Renamed output columns (changed prefix from voip to {sip,sdp,rtp,rtcp}
  • Various fixes and improvements
• tawk:
  • shark:
    • Various fixes and improvements
• t2conf:
  • Various fixes and improvements
• New plugin:
  • covertChannels

ChangeLog for 0.9.3lmw1

• tranalyzer2:
  • Fixed print format for nanoseconds in monitoring mode
  • Added current date to final report
  • Added number of L2 packets to monitoring and final reports
• basicStats:
  • Renamed numPkts{Rcvd,Snt,RTAggr} to pkts{Rcvd,Snt,RTAggr}
  • Renamed numBytes{Rcvd,Snt,RTAggr} to l[2347]Bytes{Rcvd,Snt,RTAggr}
  • Renamed {min,max,ave,var,std}PktSize to {min,max,ave,var,std}L[2347]PktSz
  • Added BS_SK configuration flag and {skew,kur}L[2347]PktSz and {skew,kur}IAT columns
  • Added BS_PAD configuration flag and padBytesSnt column
• nDPI:
  • Updated nDPI library to version 4.10
• pcapd:
  • New t2topcap script: convert pcapng files to pcap
• sslDecode:
  • Updated SSL blacklist
• tcpFlags:
  • Renamed tcpAveWinSz, tcpRTTAckTripAve, tcpRTTAckTripJitAve and tcpRTTAckJitAve to tcpAvgWinSz, tcpRTTAckTripAvg, tcpRTTAckTripJitAvg and tcpRTTAckJitAvg
  • Added TCPFLGCNT configuration flag and tcpCntFIN_SYN_RST_PSH_ACK_URG_ECE_CWR column
• t2build:
  • Added --no-sink option
• t2fm:
  • Added -N option to generate report from NetFlow data
  • Added progress report and time taken to generate report
  • Various fixes and improvements
• t2utils.[ch]:
  • Added T2_CONV_NUM_SFX macro
• t2utils.sh:
  • Added printf{bold,err,inf,ok,wrn} functions
  • Added test_min_version function
• t2_aliases:
  • New t2topcap alias
• tawk:
  • print{bold,err,inf,ok,wrn}: added parameter to omit trailing newline
  • New functions:
    • hrtime: convert timestamps (seconds) to human readable form
    • printbold: print text in bold