Latest news

Tranalyzer2 Cobra version 0.9.2lmw2 is out!

  • dnsDecode:
    • Extended decoding of NBNS names (discard padding, add suffix, …)
  • mongoSink:
    • Fixed double escaping of quotes and double quotes
  • voipDetector:
    • Fixed and improved decoding of NBNS names
    • Renamed voipconv to t2voipconv
    • t2voipconv: added support for AMR, AMR-NB, AMR-WB, G.723.1, G.726, G.726le and GSM formats
    • Various fixes and improvements
  • t2utils.[ch]:
    • New functions:
      • t2_strncpy_escape(), t2_strcpy_escape()
  • tawk:
    • Fixed header printing when accumulating something other than flows
    • Added support for Termshark (-k option)
    • shark:
      • Added support for SDP
      • Extended support for RTP and SIP
    • New functions:
      • ientropy: compute the information entropy of each column, filter out columns with low entropy
      • isset: return true if a value is set, i.e., not empty
      • log2: compute the binary logarithm (log base 2) of a number
      • quote: add leading and trailing quotes to a string, escape quotes within string
      • printinf, printok, printwrn: print text in blue, green or orange
    • Improved documentation
    • Various fixes and improvements
  • t2fm:
    • Added bottom N statistics
    • Added --top/--bottom options to only compute top or bottom stats
    • Do not count query names from responses when reporting top DNS queries
    • Various fixes and improvements
  • t2utils.sh:
    • Added validate_next_file_or_dir function
    • Added {BLUE_,GREEN_,ORANGE_,RED_,}{ITALIC,UNDERLINE} and STRIKETHROUGH variables
    • Various fixes and improvements
  • t2_aliases:
    • New t2voipconv alias
  • New script:
    • t2voipconv: convert and manipulate raw VoIP files extracted from voipDetector

Thursday, 01.08.2024

Tranalyzer2 Cobra version 0.9.2lmw1 is out!

  • tranalyzer2:
    • Added support for DPDK
    • Added support for DTLS dissection
  • clickhouseSink:
    • Improved documentation
  • findexer:
    • Added support for pcap with nanosecond precision
    • Various fixes and improvements
  • mongoSink:
    • Improved handling of timestamps with nanosecond precision
    • Improved documentation
  • ospfDecode:
    • Added missing column names in output files
    • Make sure each row in each file always has the same number of columns
    • Renamed column seq# to SeqNum
    • Bugfixes and improvements
  • pcapd:
    • Bugfixes and improvements
  • psqlSink:
    • Improved handling of timestamps with nanosecond precision
    • Improved documentation
  • sslDecode:
    • Updated SSL blacklist
  • tcpFlags:
    • Improved performance
  • voipDetector:
    • Bugfixes and improvements
  • t2fm:
    • Added information about top known and unknown JA3 and JA3S fingerprints
    • Added information about top known and unknown JA4 and JA4S fingerprints
    • Added information about top blacklisted certificates
    • Replaced -C/--color option with --{chart,table-{odd,even}}-color
    • Replaced -c/--clickhouse option with -C/--clickhouse
    • Various fixes and improvements
  • t2py:
  • t2utils.sh:
    • Added ${IS_LINUX} and ${IS_MACOS} variables
    • Simplified find_most_recent_file function
    • Renamed check_dependency_osx to check_dependency_macos
    • Various fixes and improvements
  • tawk:
    • Added -b/--both-directions option to extract A and B flows (-x/-k options)
    • Added support for more custom defined columns (srcMac, ethType, …)
    • Various fixes and improvements
  • scripts:
    • New script:
      • t2dpdk: run N instances of Tranalyzer in DPDK multi-process mode

Friday, 14.06.2024

Tranalyzer2 Cobra version 0.9.1lmw1 is out!

  • tranalyzer2:
    • Added LIVEBUFSIZE define to set libpcap internal buffer size on live captures
    • Added T2_USEC_PREC and T2_PRI_USEC macros
    • Added sensor ID to monitoring machine report
    • Added support for DTLS 1.2
    • Added -S/--snaplen and -B/--rx-bufsize command line options
    • Added -P/--priority option to set process priority (renice)
    • Added -M/--mon-interval option to set monitoring interval
    • Added -m/--monfile option to redirect monitoring output to _monitoring.txt
    • Added FLOW_IS_A() and FLOW_IS_B() macros
    • Extended support for Q-in-Q VLAN (ethertypes 0x9100 and 0x9200)
    • Reduced memory footprint of flow_t structure if FRAGMENTATION=0
    • Reduced list of L2/3 protocols to monitor (can be easily extended with MONPROTL[23])
    • Removed B2T_NANOSECS macro; use TSTAMP_PREC instead
    • Renamed ENABLE_IO_BUFFERING macro to IO_BUFFERING
  • basicFlow:
    • Added MPLS information to packet mode
    • Added option to output MPLS labels as hexadecimal
    • Added BFO_VLAN=3 option to output decoded VLAN headers
    • Fixed nanoseconds representation in packet mode
  • nDPI:
  • nFrstPkts:
    • Fixed nanoseconds representation for inter-arrival times
  • pcapd:
    • Added PD_CHKSUM option to correct IPv4 checksum
  • sslDecode:
    • Renamed SSL_PROTO_LIST to SSL_ALPN_LIST
    • Renamed sslProtoList and sslNumProto to sslALPNList and sslNumALPNList
    • Extract list of signature hash algorithms
    • Extract list of ALPN, NPN and ALPS
    • Extract list of record, handshake and supported versions
    • Extended sslProto to flag GREASE values and more
    • Added support for TLS 1.3 draft versions
    • Added support for missing TLS 1.3 ciphers
    • Added support for missing TLS 1.3 alerts
    • Added number of TLS 1.3 draft versions flows to plugin report
    • Added number of DTLS 1.3 flows to plugin report
    • Added support for JA4/JA4S fingerprints
    • Fixed handling of GREASE values in JA3 fingerprints
    • Updated list of insecure, weak, secure and recommended ciphers
    • Updated JA3 fingerprints
    • Updated SSL blacklist
  • tcpFlags:
    • Added support for JA4T fingerprints
  • tp0f:
    • Added packet mode
  • txtSink:
    • Report process priority in headers file
  • voipDetector:
    • Added VOIP_SIP, VOIP_RTP, VOIP_RTCP to control protocol dissection
    • Added VOIP_BUFMODE, RTPBUFSIZE, RTPSUBDIRS, VOIP_PERM macros
    • Decode RTCP by default
    • Output SIP contacts and Call-IDs
    • Output SDP session ID
    • Fixed description of RTP payload type 125
    • Code hardening
  • fsutils.[ch]:
    • New helper macro:
      • T2_MKPATH_WITH_FLAGS()
  • t2buf.[ch]:
    • New function:
      • t2buf_ptr()
  • t2log.h:
    • New macros:
      • T2_FPLOG_DIFFNUM, T2_FPLOG_DIFFNUM0
  • t2utils.[ch]:
    • New helper macros:
      • DTLS12_HEADER()
      • t2_calloc(), t2_malloc()
    • New functions:
      • t2_strncpy()
      • t2_tcp_socket_connect(), t2_tcp_socket_connect_to_server(), t2_udp_socket_init()
      • t2_calloc_fatal(), t2_malloc_fatal()
    • Fixed nanoseconds representation in t2_log_date() and t2_log_time()
  • API break:
    • Renamed t2_calloc/t2_malloc to t2_[cm]alloc_fatal()
  • tawk:
    • tawk is now faster
    • Inverted -t option behavior: use it to validate column names (slow)
  • scripts:
    • t2build:
      • Added --lto option to enable link time optimization (meson only)
    • t2caplist:
      • Added -x option to filter by extension (faster, but less precise)
      • Added -t option to sort list by first packet time
    • t2conf:
      • Fixed t2conf tranalyzer2 --gui
      • Several other fixes and improvements
    • t2fm:
      • Added information about ASNs
      • Added -d/--data-carving option to report EXE downloads
    • t2fuzz:
      • Added -S/-P/-a options to start netcat (nc) before running t2

Friday, 08.03.2024
