forked from krissg/junkie
For a detailed Changelog, see git logs.
Only the most visible changes are reported here.
NEW in 2.8.1 (since 2.8.0)
--------------------------
* Fixes
NEW in 2.8.0 (since 2.7.0)
--------------------------
* Upgrade for newer openssl libs
* SSLogram, a plugin to display info about TLS certificates
* Autoload plugins (./plugin is equivalent to ./junkie -p plugin)
* Support for GTP (GSM tunnelling protocol)
* Simple integration with Ramen (https://github.com/rixed/ramen/)
* Various minor fixes / scrapping bit-rot
* Better support for MacOS and NixOS.
NEW in 2.7.0 (since 2.6.0)
--------------------------
* Time has passed!
NEW in 2.6.0 (since 2.5.0)
--------------------------
* Delayogram plugin
* New option -f to set next capture filters from command line
* Support for Eth QinQ
* DHCP protocol
* Autodiscovery of IRC, jabber, VNC, CIFS, PCanywhere, citrix,
  telnet, BGP, IMAP, POP, NTP
NEW in 2.5.0 (since 2.4.0)
--------------------------
* TLS protocol (with optional decryption a la ssldump)
* SKINNY protocol
* Reorder all TCP traffic by default
* NetTop plugin
NEW in 2.4.0 (since 2.3.0)
--------------------------
* More information is extracted from HTTP
* More robust handling of missing TCP segments
NEW in 2.3.0 (since 2.2.0)
--------------------------
* Packetogram plugin to display packet size distribution
* You can now limit the amount of RAM used by the parsers
* Duplicogram plugin to display dups time distribution
* Autodiscovery of some protocols (HTTP, SIP, MGCP, FTP...)
NEW in 2.2.0 (since 2.1.0)
--------------------------
* Faster deadlock detection
* Can replay pcap in a loop
* Can now pass nettrack values to a guile action
* More doc (in doc/)
* Support for multiline HTTP headers
* Guile files are pre-compiled before installation (see ./configure --help)
New in 2.1.0 (since 2.0.0)
--------------------------
* New simpler syntax for packet filters
* Primitive implementation of `nettrack`, a network event tracking language
  above packet filters
* Custom memory allocator that performs marginally better on large networks
* OS detection based on TCP, ripped with shame from p0f
  (http://lcamtuf.coredump.cx/p0f3/)
* Packet deduplication dynamically resizes the queue (no more need for the
  autocalibration thread)
New in 2.0.0 (since 1.5.0)
--------------------------
* Continuation function replaced by hooks (with a compatibility per packet hook)
* Support for HTTP chunked transfer encoding
New in 1.5.0 (since 1.4.0)
--------------------------
* Plugins are now loaded from system library directory (usually
  /usr/local/lib/junkie) if not found.
* Junkie can now forward traffic information to another junkie:
    junkie -p serializer.so -i eth0 &
    junkie -e '(open-deserializer)' -p some_plugin
* Compiled packet filters (much faster than tshark filters):
    junkie -i eth0 -p writer.so --file=/dev/stdout --method=csv \
      --netmatch '((tcp with (dst-port = 80)) (http with ((set? host) && (host =s "www.google.com"))))'
New in 1.4.0 (since 1.3.0)
--------------------------
* Basic HTTP server (for those unhappy with the parentheses)
  Activate at your own risk!
* Writer plugin can now be scripted from guile
* New connection tracking, simpler with fewer bugs
* Packet deduplication is now done per vlan and/or per ifaces
  (unless these are collapsed of course)
* You can use the same logging facility from guile as from C
* A way to send parsed infos to another program via socket
* When replaying a pcap file, can now patch timestamp with current time
New in 1.3.0 (since 1.2.0)
--------------------------
* Use guile-2
* Reopen network interfaces after they go down/up
New in 1.2.0 (since 1.1.0)
--------------------------
* Finer grained locks
* NBNS / LLMNR / MDNS name resolution protocols
New in 1.1.0 (since 1.0.0)
--------------------------
* Support for IP fragmentation, TCP reordering and stream reassembly
* Parsers for (some version of) PostgreSQL, MySQL and Oracle
* HTTP parser is now stateful
* Can replay pcap file at capture speed, can write pcap files (from C not Guile)
* Few sample plugins and many fixes!