Latest news

News archive

Tranalyzer2 Cobra version 0.9.1lmw1 is out!

  • tranalyzer2:
    • Added LIVEBUFSIZE define to set libpcap internal buffer size on live captures
    • Added T2_USEC_PREC and T2_PRI_USEC macros
    • Added sensor ID to monitoring machine report
    • Added support for DTLS 1.2
    • Added -S/--snaplen and -B/--rx-bufsize command line options
    • Added -P/--priority option to set process priority (renice)
    • Added -M/--mon-interval option to set monitoring interval
    • Added -m/--monfile option to redirect monitoring output to _monitoring.txt
    • Added FLOW_IS_A() and FLOW_IS_B() macros
    • Extended support for Q-in-Q VLAN (ethertypes 0x9100 and 0x9200)
    • Reduced memory footprint of flow_t structure if FRAGMENTATION=0
    • Reduced list of L2/3 protocols to monitor (can be easily extended with MONPROTL[23])
    • Removed B2T_NANOSECS macro, used TSTAMP_PREC instead
    • Renamed ENABLE_IO_BUFFERING macro to IO_BUFFERING
  • basicFlow:
    • Added MPLS information to packet mode
    • Added option to output MPLS labels as hexadecimal
    • Added BFO_VLAN=3 option to output decoded VLAN headers
    • Fixed nanoseconds representation in packet mode
  • nDPI:
  • nFrstPkts:
    • Fixed nanoseconds representation for inter-arrival times
  • pcapd:
    • Added PD_CHKSUM option to correct IPv4 checksum
  • sslDecode:
    • Renamed SSL_PROTO_LIST to SSL_ALPN_LIST
    • Renamed sslProtoList and sslNumProto to sslALPNList and sslNumALPNList
    • Extract list of signature hash algorithms
    • Extract list of ALPN, NPN and ALPS
    • Extract list of record, handshake and supported versions
    • Extended sslProto to flag GREASE values and more
    • Added support for TLS 1.3 draft versions
    • Added support for missing TLS 1.3 ciphers
    • Added support for missing TLS 1.3 alerts
    • Added number of TLS 1.3 draft versions flows to plugin report
    • Added number of DTLS 1.3 flows to plugin report
    • Added support for JA4/JA4S fingerprints
    • Fixed handling of GREASE values in JA3 fingerprints
    • Updated list of insecure, weak, secure and recommended ciphers
    • Updated JA3 fingerprints
    • Updated SSL blacklist
  • tcpFlags:
    • Added support for JA4T fingerprints
  • tp0f:
    • Added packet mode
  • txtSink:
    • Report process priority in headers file
  • voipDetector:
    • Added VOIP_SIP, VOIP_RTP, VOIP_RTCP to control protocol dissection
    • Added VOIP_BUFMODE, RTPBUFSIZE, RTPSUBDIRS, VOIP_PERM macros
    • Decode RTCP by default
    • Output SIP contacts and Call-IDs
    • Output SDP session ID
    • Fixed description of RTP payload type 125
    • Code hardening
  • fsutils.[ch]:
    • New helper macro:
      • T2_MKPATH_WITH_FLAGS()
  • t2buf.[ch]:
    • New function:
      • t2buf_ptr()
  • t2log.h:
    • New macros:
      • T2_FPLOG_DIFFNUM, T2_FPLOG_DIFFNUM0
  • t2utils.[ch]:
    • New helper macros:
      • DTLS12_HEADER()
      • t2_calloc(), t2_malloc()
    • New functions:
      • t2_strncpy()
      • t2_tcp_socket_connect(), t2_tcp_socket_connect_to_server(), t2_udp_socket_init()
      • t2_calloc_fatal(), t2_malloc_fatal()
    • Fixed nanoseconds representation in t2_log_date() and t2_log_time()
  • API break:
    • Renamed t2_calloc/t2_malloc to t2_[cm]alloc_fatal()
  • tawk:
    • tawk is now faster
    • Inverted -t option behavior: use it to validate column names (slow)
  • scripts:
    • t2build:
      • Added --lto option to enable link time optimization (meson only)
    • t2caplist:
      • Added -x option to filter by extension (faster, but less precise)
      • Added -t option to sort list by first packet time
    • t2conf:
      • Fixed t2conf tranalyzer2 --gui
      • Several other fixes and improvements
    • t2fm:
      • Added information about ASNs
      • Added -d/--data-carving option to report EXE downloads
    • t2fuzz:
      • Added -S/-P/-a options to start netcat (nc) before running t2

Friday, 08.03.2024

Tranalyzer2 Cobra version 0.9.0lmw1 is out!

Wednesday, 30.08.2023

Tranalyzer2 Tarantula version 0.8.14lmw1 is out!

  • tranalyzer2:
  • descriptiveStats:
    • Added DS_QUARTILES flag to control quartiles calculation
    • Renamed ENABLE_{IAT,PS}_CALC to DS_{IAT,PS}_CALC
  • nDPI:
    • Updated nDPI library to version 4.4
  • portClassifier:
    • Added packet mode
  • psqlSink:
    • Improved documentation
  • regex_pcre:
    • Added packet mode
  • sctpDecode:
    • Improved packet mode
    • Various fixes and improvements
  • sslDecode:
    • Updated SSL blacklist
  • tcpFlags:
    • Added MPTCP variables to packet mode
    • Various fixes and improvements
  • New plugins:
  • tawk:
    • New functions: bitshift, isfloat, isint, isuint, nibble_swap
    • Added variables descriptions (-V option) for MPTCP
    • Various fixes and improvements
  • t2fm:
    • Added -c option to generate a PDF report from a ClickHouse database
    • Various fixes and improvements
  • scripts:

Thursday, 08.09.2022
