Downloads

ChangeLog for 0.9.3lmw2

• tranalyzer2:
  • New macros:
    • FLOW_DIR_C_A, FLOW_DIR_C_B
    • FLOW_DIR_S_A, FLOW_DIR_S_B
    • FLOW_DIR_C(), FLOW_DIR_S()
    • OUTBUF_APPEND_IPV(), OUTBUF_APPEND_ARRAY_IPV()
    • OUTBUF_APPEND_ARRAY_IPVX()
• sslDecode:
  • Updated SSL blacklist
• voipDetector:
  • Improved SIP detection resilience
  • Extended output regarding SIP methods
  • Renamed output columns (changed prefix from voip to {sip,sdp,rtp,rtcp}
  • Various fixes and improvements
• tawk:
  • shark:
    • Various fixes and improvements
• t2conf:
  • Various fixes and improvements
• New plugin:
  • covertChannels

Downloads

ChangeLog for 0.9.3lmw1

• tranalyzer2:
  • Fixed print format for nanoseconds in monitoring mode
  • Added current date to final report
  • Added number of L2 packets to monitoring and final reports
• basicStats:
  • Renamed numPkts{Rcvd,Snt,RTAggr} to pkts{Rcvd,Snt,RTAggr}
  • Renamed numBytes{Rcvd,Snt,RTAggr} to l[2347]Bytes{Rcvd,Snt,RTAggr}
  • Renamed {min,max,ave,var,std}PktSize to {min,max,ave,var,std}L[2347]PktSz
  • Added BS_SK configuration flag and {skew,kur}L[2347]PktSz and {skew,kur}IAT columns
  • Added BS_PAD configuration flag and padBytesSnt column
• nDPI:
  • Updated nDPI library to version 4.10
• pcapd:
  • New t2topcap script: convert pcapng files to pcap
• sslDecode:
  • Updated SSL blacklist
• tcpFlags:
  • Renamed tcpAveWinSz, tcpRTTAckTripAve, tcpRTTAckTripJitAve and tcpRTTAckJitAve to tcpAvgWinSz, tcpRTTAckTripAvg, tcpRTTAckTripJitAvg and tcpRTTAckJitAvg
  • Added TCPFLGCNT configuration flag and tcpCntFIN_SYN_RST_PSH_ACK_URG_ECE_CWR column
• t2build:
  • Added --no-sink option
• t2fm:
  • Added -N option to generate report from NetFlow data
  • Added progress report and time taken to generate report
  • Various fixes and improvements
• t2utils.[ch]:
  • Added T2_CONV_NUM_SFX macro
• t2utils.sh:
  • Added printf{bold,err,inf,ok,wrn} functions
  • Added test_min_version function
• t2_aliases:
  • New t2topcap alias
• tawk:
  • print{bold,err,inf,ok,wrn}: added parameter to omit trailing newline
  • New functions:
    • hrtime: convert timestamps (seconds) to human readable form
    • printbold: print text in bold

Downloads

ChangeLog for 0.9.2lmw2

• dnsDecode:
  • Extended decoding of NBNS names (discard padding, add suffix, …)
• mongoSink:
  • Fixed double escaping of quotes and double quotes
• voipDetector:
  • Renamed voipconv to t2voipconv
  • t2voipconv: added support for AMR, AMR-NB, AMR-WB, G.723.1, G.726, G.726le and GSM formats
  • Various fixes and improvements
• t2utils.[ch]:
  • New functions:
    • t2_strncpy_escape(), t2_strcpy_escape()
• tawk:
  • Fixed header printing when accumulating something other than flows
  • Added support for Termshark (-k option)
  • shark:
    • Added support for SDP
    • Extended support for RTP and SIP
  • New functions:
    • ientropy: compute the information entropy of each column, filter out columns with low entropy
    • isset: return true if a value is set, i.e., not empty
    • log2: compute the binary logarithm (log base 2) of a number
    • quote: add leading and trailing quotes to a string, escape quotes within string
    • printinf, printok, printwrn: print text in blue, green or orange
  • Improved documentation
  • Various fixes and improvements
• t2fm:
  • Added bottom N statistics
  • Added --top/--bottom options to only compute top or bottom stats
  • Do not count query names from responses when reporting top DNS queries
  • Various fixes and improvements
• t2utils.sh:
  • Added validate_next_file_or_dir function
  • Added {BLUE_,GREEN_,ORANGE_,RED_,}{ITALIC,UNDERLINE} and STRIKETHROUGH variables
  • Various fixes and improvements
• t2_aliases:
  • New t2voipconv alias
• New script:
  • t2voipconv: convert and manipulate raw VoIP files extracted from voipDetector