Downloads

ChangeLog for 0.9.4lmw1

• tranalyzer2:
  • Added MONITORING_LAST configuration flag to only keep last entry in monitoring file (-m option)
  • New macros:
    • OUTBUF_APPEND_STR_OR_EMPTY()
    • OUTBUF_APPEND_STR_AND_FREE_FUNC()
    • OUTBUF_APPEND_ARRAY_STR_AND_FREE_FUNC()
  • Improved monitoring mode:
    • Fixed ns/us timestamps in core and monitoring mode
    • -M option now also valid for pcap time base option MONINTTMPCP
    • More precision for pcap time base option MONINTTMPCP
  • Faster, larger but less memory intensive subnet files, new format ver 6 NOTE: NOT backward compatible with earlier versions
  • Improved faster search algorithm for subnet files and tor info
  • Removed bug in -R/-D option, in ns mode (Thanks to the guys at University Twente)
  • Fix LAPD_OVER_UDP dissection
  • Code cleanup
  • Various fixes and improvements
• basicFlow:
  • Fixed ASN output
  • More details in packet mode
• basicStats:
  • Improved packet mode
  • Improved packet mode
• tcpFlags:
  • Fixed [JA4T/JA4TS](https://github.com/FoxIO-LLC/ja4 signatures, various fixes and improvements
• connStat:
  • Fixed FP_LOG macros for subnet aggregation mode
• bgpDecode:
  • Used HDR_CHR and SEP_CHR in output files
• dnsDecode:
  • Updated new source for maldomain.txt, format change NOTE: NOT backward compatible with earlier versions
• sslDecode:
  • Added support for JA4X fingerprints and certificate reassembly (thanks Etienne for the patch!)
  • Updated sslblacklist.[ct]sv
• voipDetector:
  • Now decodes every SIP flow
  • Added more detailed call info in flow and packet mode
  • Improved SIP / RTP flow correlation
  • Added config more options
• regexHyperscan:
  • Added usage if filename argument or file does not exist
• t2utils.h:
  • Introduced MIN4() and MAX4() macros
• gt2whois:
  • GTK 4 graphical user interface to t2whois
• New plugins:
  • entropyFSeg
  • entropySeg

ChangeLog for 0.9.3lmw3

• bgpDecode:
  • Renamed Packet/flowIndex/Timestamp to pktNo/flowInd/time in output files
• httpSniffer:
  • Added antivirus information
• mndpDecode:
  • Removed MNDP_SAVE configuration flag (exact same output as packet mode)
• ospfDecode:
  • Renamed NumPkts to pktNo in output files
• sslDecode:
  • Added support for QUIC
  • Fixed JA4/JA4S computation for special cases (no signature algorithms, …)
  • Updated sslblacklist.[ct]sv
  • Updated JA4/JA4S fingerprints
  • Various fixes and improvements
• tcpFlags:
  • Renamed tcpInitWinSz_tcpSSAOpts_tcpMSS_tcpWS to tcpJA4T (JA4T/JA4TS)
  • Improved and extended counting of flags and flags combinations
  • Various fixes and improvements
• vrrpDecode:
  • Renamed flowIndex to flowInd in vrrp.txt file
• t2conf:
  • Various fixes and improvements
• t2py:
  • Various fixes and improvements
• t2test:
  • Various fixes and improvements
• t2utils.sh:
  • Added tests
  • Added $PYTHON variable
• New plugins:
  • centrality
  • dfft
  • gquicDecode
  • gsmDecode
  • liveXtr
  • quicDecode
  • regexHyperscan
  • regex_re2
  • telegram
  • wechatDecode

ChangeLog for 0.9.3lmw2

• tranalyzer2:
  • New macros:
    • FLOW_DIR_C_A, FLOW_DIR_C_B
    • FLOW_DIR_S_A, FLOW_DIR_S_B
    • FLOW_DIR_C(), FLOW_DIR_S()
    • OUTBUF_APPEND_IPV(), OUTBUF_APPEND_ARRAY_IPV()
    • OUTBUF_APPEND_ARRAY_IPVX()
• sslDecode:
  • Updated SSL blacklist
• voipDetector:
  • Improved SIP detection resilience
  • Extended output regarding SIP methods
  • Renamed output columns (changed prefix from voip to {sip,sdp,rtp,rtcp}
  • Various fixes and improvements
• tawk:
  • shark:
    • Various fixes and improvements
• t2conf:
  • Various fixes and improvements
• New plugin:
  • covertChannels