0.6.4 20020212
+ You can sniff remote traffic from a remote Cisco router
and make mitm attacks on it using GRE tunnels.
+ Added some bits for the passive OS fingerprint database.
Now even the length of the packet makes sense.
+ The sniffing interface now supports JOINED view
+ NEW PLUGIN :
- thief (dumps all files from HTTP)
- zaratan (redirect GRE tunnels)
+ ICQ dissector now searches for passwords on all ports
+ Updated the passive OS fingerprint database (675 records)
+ Changed the arg 2 of Plugin_HookPoint for PCK_RECEIVED_RAW
!! Under OpenBSD the pflog interface is ignored
!! Fixed the DATA_PATH issue in the phantom plugin
!! Fixed an unsigned short in state_machine
!! Fixed some plugins that don't recognize the 'yes' answer
!! Fixed the plugins symbol problem on Mac OS X (strip -x)
!! Fixed the possibility of remote exploitation on interface with MTU > 1500
From ChangeLog:
Some bugs have been fixed.
o use trio library if system's printf is broken with %lld.
o fixed single quote escaping in several places.
o fixed coredump if service is unknown.
o fixed keep-alive for http/1.1.
o fixed uploading in ssl enabled ftp when data connection is protected.
o don't send AUTH TLS to ftp proxy.
o fixed fish protocol module.
to include capture, name resolution, and window geometry settings. It is
now possible to search for all fields in GIOP messages. You can now build
display filters on the fly by right-clicking on tree view items.
Additionally, protocol hierarchy statistics display and MacOS X capture
timeout bugs have been fixed.
The idl2eth utility now handles CORBA IDL recursive unions and structs and
the text2pcap utility also received updates, including SCTP support.
New dissectors include DHCPv6, DLSw, IAPP, SCSI, SPOOLSS RPC, SliMP3, and
TSP. Dissectors receiving updates include AFS, AIM, Auto-RP, BGP, BOOTP,
DCE RPC, DIAMETER, FDDI, GTP, H.261, HMIPv6, IS-IS, iSCSI, ISUP, LDAP,
M3UA, MIP, MMSE, MTP3, NBNS, NCP, NDMP, NFS, ONC RPC, PIM, PPP, PPP,
Q.931, RPC, RSVP, RTCP, SCTP, SDP, SIP, SMB/CIFS, SSL, STAT, Syslog, TCP,
TNS, VJ, WTP, and ypbind.
Support for WildPackets' AiroPeek and OpenBSD pflog capture file formats
has been added (you can read pflog data from a file, or directly from the
logging interface). Support for the DBS Etherwatch, EtherPeek, NetMon,
and VMS TCPIPtrace formats has been enhanced.
DCTC is a Direct Connect clone, allowing users to share their files
and talk (like IRC but more software sharing oriented) using a
proprietary protocol.
Dnstracer determines where a given Domain Name Server (DNS) gets
its information from, and follows the chain of DNS servers back to
the servers which know the data.
Its behaviour is similar to ntptrace(8), which does it for the
NTP protocol.