"Fossies" - the Fresh Open Source Software Archive

Member "tcpflow-1.6.1/NEWS" (19 Feb 2021, 7736 Bytes) of package /linux/misc/tcpflow-1.6.1.tar.gz:



Version 1.3.1 NOV ??

Complete rewrite of the TCP state machine, now handles flows larger
than 4GiB.


Version 1.3.0 SEP 30 2012

Release for end of FY2012, includes bug fixes, better support for
autoconf, DFXML standardizations, and the ability to compile under
mingw for Windows (that was a LOT of work).

Version 1.2.7 May 24 2012 (GIT)

I am pleased to announce the release of tcpflow version 1.2.7.

Version 1.2.7 offers two significant features over previous versions
relating to the processing of the -r and the new -R options.

  -r file1.pcap - This option specifies a pcap file to be read.
                  New with version 1.2.7, the -r flag may be
                  repeated any number of times.

  -R file0.pcap - This option, new with version 1.2.7, allows a file
                  to be specified that was captured in time *before*
                  the file specified with -r. This option allows TCP
                  sessions that started in file0.pcap and which
                  continued into file1.pcap to be properly
                  started. This option is useful when some external
                  process makes packet capture files at regular
                  intervals and then the files are reassembled
                  later. Typically these files result from tcpdump run
                  with the -w or -C options.


Version 1.2.7 can be downloaded from github:

  $ git clone git://github.com/simsong/tcpflow.git
  $ cd tcpflow
  $ sh bootstrap.sh
  $ ./configure
  $ make

or from:

  https://github.com/downloads/simsong/tcpflow/tcpflow-1.2.7.tar.gz

================================================================

Version 1.2 March 15 2012 (SVN )

I am pleased to announce the release of tcpflow version 1.2.

Version 1.2 is the first to include post-processing of TCP connections
integrated directly into the tcpflow program itself. Post-processing
is optional and is performed on a per-connection basis when the
connection is closed.

The following post-processing methods are currently defined.

 -FM - Compute the MD5 hash value of every stream on close. Currently
       MD5 hashes are only computed for TCP streams that contain
       packets transmitted contiguously. -FM processing can happen
       even when output is suppressed. The MD5 is written into the
       DFXML file.

 -AH - Detect Email/HTTP responses and separate headers from
       body. This requires that the output files be captured.

       If the output file is
          208.111.153.175.00080-192.168.001.064.37314,

       Then the post-processing will create the files:
          208.111.153.175.00080-192.168.001.064.37314-HTTP
          208.111.153.175.00080-192.168.001.064.37314-HTTPBODY

       If the HTTPBODY was compressed with GZIP, you may get a
       third file as well:

          208.111.153.175.00080-192.168.001.064.37314-HTTPBODY-GZIP

       Additional information about these streams, such as their MD5
       hash value, is also written to the DFXML file.
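
An added example, not part of the NEWS file or of tcpflow's source: a C parser for the IPv4 output names shown above that accepts only the plain stream name and the three -AH suffixes listed, so a triage script can pair each derived file with its flow and ignore anything else in the output directory. The struct and function names are hypothetical, and the code assumes the zero-padded layout of the example name; it does not handle the cNNNN or time-prefix variants.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct flow_name {
    unsigned src[4], dst[4];  /* IPv4 octets: sender, then receiver */
    unsigned sport, dport;    /* TCP ports */
    const char *part;         /* "" = raw stream, else the -AH suffix */
};

/* Returns 0 on success, -1 for a wrong layout, bad value or unknown suffix. */
int parse_flow_name(const char *name, struct flow_name *f)
{
    static const char shape[] = "ddd.ddd.ddd.ddd.ddddd-ddd.ddd.ddd.ddd.ddddd";
    static const char *parts[] = { "", "-HTTP", "-HTTPBODY", "-HTTPBODY-GZIP" };
    size_t i;
    /* Check the fixed layout first so sscanf never sees signs or spaces. */
    for (i = 0; shape[i] != '\0'; i++) {
        if (shape[i] == 'd' ? !isdigit((unsigned char)name[i])
                            : name[i] != shape[i])
            return -1;
    }
    if (sscanf(name, "%3u.%3u.%3u.%3u.%5u-%3u.%3u.%3u.%3u.%5u",
               &f->src[0], &f->src[1], &f->src[2], &f->src[3], &f->sport,
               &f->dst[0], &f->dst[1], &f->dst[2], &f->dst[3], &f->dport) != 10)
        return -1;
    for (i = 0; i < 4; i++)
        if (f->src[i] > 255 || f->dst[i] > 255)
            return -1;
    if (f->sport > 65535 || f->dport > 65535)
        return -1;
    /* Whatever follows the 43-character base name must be a known suffix. */
    for (i = 0; i < sizeof parts / sizeof parts[0]; i++) {
        if (strcmp(name + (sizeof shape - 1), parts[i]) == 0) {
            f->part = parts[i][0] ? parts[i] + 1 : parts[i];
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    struct flow_name f;   /* the name below is the page's own example */
    if (parse_flow_name("208.111.153.175.00080-192.168.001.064.37314-HTTPBODY", &f) == 0)
        printf("port %u -> port %u, part %s\n", f.sport, f.dport, f.part);
    return 0;
}
```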

These features are all present in Version 1.2.2, which is available
now for download from http://afflib.org/


Version 1.1.0 19 January 2012 (SVN 8118)

I am pleased to announce the release of tcpflow version 1.1.

Version 1.1 represents a significant rewrite of tcpflow. All users are
encouraged to upgrade.

Significant changes include:

* Entire code base migrated to C++; code generally
  improved. tcpflow's original hash table has been replaced with a
  tr1::unordered_map which should offer significantly more
  scalability.

* tcpflow now automatically expires out old connections. This finally
  ends the program's memory-hogging problem. (You can disable this
  behavior with -P, which makes tcpflow run faster because it never
  cleans up after itself. That's fine if you are working with less
  than a million connections.)

* Multiple connections with the same (source/destination) are now
  detected and stored in different files. This is significant, as the
  previous implementation would make a single file 1-2GB in length if
  you had the same host/port pairs with two different flows. Additional
  files have the same filename and a "c0001", "c0002" appended.

* Filenames may now be prefixed with either the ISO8601 time or a Unix
  timestamp indicating the time that the connection was first seen.

* tcpflow will now save a DFXML file containing information for each
  flow that it reconstructs.

* The following new options are now implemented:

  -o outdir --- now works (previously was not implemented)
  -X xmlfile --- now reports execution results in a DFXML
                file. (Version 1.1 will include complete notion in the XML file of
                every TCP connection as a DFXML <fileobject>.)
  -Fc       --- Every file has the 'cXXXX' postfix, rather than just
                the files with duplicate source/destination.
  -Ft       --- Every file has the <time_t>T prefix.
  -FT       --- Every file has an ISO8601 time prefix,
                e.g. 2012-01-01T09:45:15Z
  -mNNNN    --- Specifies the minimum number of bytes that need to be
                skipped in a TCP connection before a new
  -Lname    --- use the named semaphore 'name' to prevent multiple tcpflow
                processes printing to standard output from overprinting each other.
  -P        --- do not prune the tcp connection table.


Other improvements include:

* Support for IPv6

* Support for VLANs

* The default filter which was causing problems under MacOS has been removed.

tcpflow can be downloaded from:
    http://afflib.org/
    http://afflib.org/software/tcpflow

Finally, because the previous maintainer had lost control of the old
tcpflow mailing list, a new one has been created at Google Groups. You
can subscribe at:

    http://groups.google.com/group/tcpflow-users



Version 1.0.4 November 24, 2011
* Default filter changed to ""; previous default filter was causing problems on Macs.

Version 1.0.2 September 30, 2011
* IPv6 code added

Version 1.0.0 January 2011
* Updated to support VLANs. VLAN packets are marked by hex 0x8100 following
  the destination and source MAC addresses, followed by the 16-bit VLAN address,
  followed by 0x0800 marking the beginning of the traditional IP header.
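
The frame layout described in the 1.0.0 entry, as an added C example (not tcpflow's own code): it locates the IP header in an Ethernet frame with or without the 0x8100 marker and rejects frames truncated inside the tag. The function name and sample frames are constructed for this example; masking the 16-bit tag field to its low 12 bits follows IEEE 802.1Q, where the upper bits carry priority information.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_ADDRS_LEN  12      /* destination MAC (6) + source MAC (6) */
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100

/* Constructed sample frames: MACs, type fields, first two IP header bytes. */
const uint8_t sample_tagged[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02,   /* dst MAC, src MAC */
    0x81,0x00, 0x00,0x64,                   /* VLAN marker, tag (VLAN 100) */
    0x08,0x00, 0x45,0x00 };                 /* IPv4 marker, IP header start */
const uint8_t sample_plain[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, 0x45,0x00 };

static uint16_t be16(const uint8_t *p)      /* big-endian 16-bit read */
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Offset of the IPv4 header or -1; *vlan_id is the VLAN id, -1 if untagged. */
int ip_offset(const uint8_t *frame, size_t len, int *vlan_id)
{
    size_t off = ETH_ADDRS_LEN;
    uint16_t type;
    *vlan_id = -1;
    if (len < off + 2)
        return -1;
    type = be16(frame + off);
    off += 2;
    if (type == ETHERTYPE_VLAN) {           /* 0x8100 follows the MACs */
        if (len < off + 4)
            return -1;                      /* capture cut off inside the tag */
        *vlan_id = be16(frame + off) & 0x0fff;  /* low 12 bits = VLAN id */
        type = be16(frame + off + 2);
        off += 4;
    }
    if (type != ETHERTYPE_IPV4 || len <= off)
        return -1;
    return (int)off;
}

int main(void)
{
    int vlan, off = ip_offset(sample_tagged, sizeof sample_tagged, &vlan);
    printf("IP header at %d, VLAN %d\n", off, vlan);
    return 0;
}
```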

Version 0.30 October 2007
* Simson Garfinkel <simsong@acm.org> is now the maintainer of this package
* Modified to set the time of each tcpflow with the time of the first packet.
* Created a regression test, so "make check" and "make distcheck" now work.
* Updated to modern autoconf tools.

Version 0.20 (February 26, 2001):

* A bug was fixed that caused out-of-order reassembly to generate
seemingly very large files on some systems (specifically, those that
support fgetpos/fsetpos).

* Bug fixed that caused the interface to be left in promiscuous mode
after tcpflow terminated.

* The -r option was added, contributed by Jose M. Alcaide
<jose@we.lc.ehu.es>.

* We now distribute tcpflow RPMs, thanks to a spec file submitted by
  Ross Golder <rossigee@bigfoot.com>.


Version 0.12 (April 20, 1999):

* Now compiles under IRIX, and using non-GCC compilers.

* Workaround for the Linux/libpcap bug that prevented tcpflow from
  listening to packets on the Linux loopback interface.  It's not
  perfect -- it appears impossible to install a libpcap filtering
  expression when listening to the Linux loopback interface.  Thus,
  *all* flows on that interface are recorded.  Someday I may try to
  fix either libpcap or the Linux kernel so that this workaround is
  not necessary.


Version 0.11 (April 13, 1999):

* Support for older (libc5) Linux systems (submitted by Johnny Tevessen
  <j.tevessen@gmx.net>).

* Some minor fixes.


Version 0.10 (April 12, 1999):

* First public release.