Sunday, February 6, 2011

NetworkMiner 1.0 Update

NetworkMiner - http://sourceforge.net/projects/networkminer/

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.

NetworkMiner 1.00 2011-02-5 Erik Hjelmvik

 * FileStreamAssembler.cs: Implemented support to avoid reserved file and folder
 names such as COM2, LPT1 and CON for files extracted to disk.

 * SmtpPacket.cs: Extended the protocol parser to handle multiple requests and
 responses in a single SMTP packet.

 * TlsRecordPacketHandler.cs: Improved parsing of SSL/TLS traffic to use the
 underlying TCP stream properly in order to handle TLS record breaks on
 non-even TCP packet boundaries.

 * TcpPortProtocolFinder.cs: Added more default TCP service ports: 8021=FTP,
 5223+8170+8443+9001+9030=SSL

 * Converted Visual Studio project to Visual C# 2010 format. The .NET framework
 is still held back at 2.0 so that NetworkMiner will be able to run on as
 many machines as possible.

 * Improved TCP reassembly to support out-of-order TCP segments that are
 partially overlapping.

 * NetworkTcpSession.cs: Modified FinPacketReceived to require a FIN in each
 direction in order for the session to be closed.

 * FtpPacketHandler.cs: File sizes are extracted from the FTP control session
 and stored to the file stream assembler object for better file size precision.

 * PacketFactory.cs: Added support for Per-Packet Information header
 (WTAP_ENCAP_PPI) as used by Kismet and sometimes Wireshark WiFi sniffing.

 * PacketHandler.cs: Added extraction of Facebook as well as Twitter messages
 into the Messages tab. Added support to extract emails sent with Microsoft
 Hotmail (i.e. Windows Live) into the Messages tab.

 * NetworkCredential.cs:
  - Added extraction of Twitter passwords from when settings are changed.
  Facebook user account names are also extracted (but not Facebook
  passwords).
  - Added extraction of gmailchat parameter from cookies in order to
  identify users through their Google account logins.

 * MacCollection.cs: Fixed bug with incorrect NIC vendor extraction. Also
 added support for the original IEEE OUI file format as used in:
 http://standards.ieee.org/regauth/oui/oui.txt

 * SyslogPacket.cs: Added protocol parser for Syslog. Syslog messages are
 displayed on the Parameter tab.
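
The TCP reassembly item above (out-of-order segments that partially overlap) is the kind of logic a passive analysis tool needs before any file or message can be extracted. The following is an added illustration in Python, not NetworkMiner's C# code; the class and function names and the sample segments are constructed, and the policy of keeping the bytes that were reassembled first when overlapping data differs is an assumption, since the changelog does not say which policy NetworkMiner applies.

```python
MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around

class StreamReassembler:
    """Rebuilds one direction of a TCP stream from (seq, payload) segments."""

    def __init__(self, first_seq):
        self.next_seq = first_seq & MASK  # sequence number of the next byte wanted
        self.pending = []                 # segments waiting behind a hole
        self.data = bytearray()           # contiguous bytes recovered so far

    def _offset(self, seq):
        """Signed distance from next_seq to seq, correct across wraparound."""
        d = (seq - self.next_seq) & MASK
        return d - (MASK + 1) if d & 0x80000000 else d

    def add(self, seq, payload):
        self.pending.append((seq & MASK, bytes(payload)))
        progressed = True
        while progressed:                  # one delivery may unblock others
            progressed = False
            for segment in list(self.pending):
                off = self._offset(segment[0])
                if off > 0:
                    continue               # hole in front of it: keep waiting
                self.pending.remove(segment)
                fresh = segment[1][-off:]  # drop bytes already in self.data
                if fresh:                  # empty for a pure retransmission
                    self.data += fresh
                    self.next_seq = (self.next_seq + len(fresh)) & MASK
                    progressed = True

def reassemble(first_seq, segments):
    """Return (contiguous stream bytes, number of segments still behind a hole)."""
    r = StreamReassembler(first_seq)
    for seq, payload in segments:
        r.add(seq, payload)
    return bytes(r.data), len(r.pending)

# Constructed sample: one request split into overlapping, reordered segments,
# with a starting sequence number chosen so the stream crosses the 2**32 wrap.
MESSAGE = b"GET /index.html HTTP/1.1\r\n"
ISN = 0xFFFFFFF0
SEGMENTS = [(ISN + 10, MESSAGE[10:20]),  # arrives before the data in front of it
            (ISN, MESSAGE[0:6]),
            (ISN + 4, MESSAGE[4:14]),    # overlaps delivered and pending data
            (ISN + 18, MESSAGE[18:26]),  # sequence number has wrapped to 2
            (ISN, MESSAGE[0:6])]         # retransmission of old data

if __name__ == "__main__":
    print(reassemble(ISN, SEGMENTS))
```

A non-zero second value in the result means data is still missing from the capture, which is worth surfacing to the analyst rather than silently writing a truncated file.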
