wiki:ChangeLog

See http://research.wand.net.nz/software/libprotoident.php to download this software.

libprotoident-2.0.9 (2016-08-26)

New Protocols

Improved Protocols

libprotoident-2.0.8 (2016-04-29)

Thanks to elnappo for some contributions towards this release.

Important Changes

New Protocols

Improved Protocols

New File Types

  • .xz compression

libprotoident-2.0.7 (2013-11-05)

Bug Fixes

  • Fixed bug where NO_PAYLOAD was being erroneously reported for flows, due to reordering (r147)
  • Fixed some false positives that were matching ApplePush (r158)

New Protocols

New Categories

  • Caching

Improved Protocols

libprotoident-2.0.6 (2012-11-07)

Important Changes

  • All protocols previously in the P2P Structure category will be moved to the P2P category. P2P Structure will be deprecated. Full explanation in r128

Bug Fixes

  • Fixed a number of integer underflow problems in lpi_live which were causing impossibly large values to be reported (r126)
  • Fixed bug where a flow could be classified as No Payload but still have > 0 bytes in either direction (r129)

New Protocols

New Categories

  • Broadcast
  • Location

New File Types

  • bzip2

Improved Protocols

libprotoident-2.0.5 (2012-04-27)

New Features

  • Added new tool: lpi_arff. Behaves the same as lpi_protoident, except the output is in the ARFF format which can be read by WEKA (thanks to Paweł Foremski for writing much of the code for this tool) (r116)
  • All protocols that use both TCP and UDP now have unique name strings (r118)
  • Added new API function (lpi_is_protocol_inactive) which can be used to determine whether there is a module for a given protocol enum (r118)
  • lpi_live tool can now produce output suitable for writing straight to an RRD (r124)

Important Changes

  • Output format for lpi_live tool has changed significantly! Apologies if this breaks anyone's analysis scripts / code (r119)

Bug Fixes

  • Fixed typo in RTMFP name string (r112)
  • Renamed HTTP P2P to be HTTP Nonstandard and moved from P2P to Web category (r112)
  • Added missing documentation for CLI options to lpi_live (r113)
  • Fixed bug in RADIUS length checking (r111)

New Protocols

New Categories

  • CDN
  • Cloud
  • Notification
  • Serialisation

Improved Protocols

libprotoident-2.0.4 (2011-12-14)

New Features

  • lpi_live now reports flow counts as well as bytes (r96)
  • lpi_live output files are now opened in append mode to avoid overwriting any previous data (r96)

Bug Fixes

  • Removed unnecessary byte swapping inside payload harvesting code (r104)

New Protocols

Improved Protocols

Disabled Protocols

  • Ensemble Online (too many false positives)
  • Mitglieder Trojan (was actually SOCKS4)
  • Mystery FE (was actually QQLive)
  • IPv6 over UDP (merged into Teredo)

libprotoident-2.0.3 (2011-10-04)

New Features

  • All tools now support IPv6 (r95).
  • All tools now support three different approaches for determining packet direction. The default is the old port-based system, but there are also options for using the direction from the capture record and a "local" MAC address (r94).

Bug Fixes

  • Fixed bug where PPStream was not being matched correctly (r92).
  • Fixed bug in Gnutella UDP module that was causing some Gnutella flows to be missed (r93).

New Protocols

Improved Protocols

New Categories

  • Logging
  • Printing
  • Translation

libprotoident-2.0.2 (2011-07-06)

New Features

  • Added new tool, lpi_live, for live reporting of protocol usage as soon as the flow is identified rather than waiting for flow expiry.

Bug Fixes

  • Fixed bug that causes crashes if lpi_init_library is called twice (r82)
  • Fixed uninitialised value bug in PPStream module (r90)
  • Changed priority for Flash Player to avoid false positives (r90)

New Protocols

Improved Protocols

Removed Protocols

  • Mystery_02_36 has now been correctly identified as iMesh

libprotoident-2.0.1 (2011-05-19)

Bug Fixes

  • Fixed segfault when lpi_init_library is called after lpi_free_library (r74)
  • Fixed byte ordering bug that was causing Telnet flows to be missed (r75)
  • Fixed priority problem that was causing DNS traffic to be misclassified (r75)
  • Fixed bug with misclassifying one-way "<!DO" as HTTPS (r76)
  • Fixed bug with IPMsg module that would match everything on the IPMsg port (r76)
  • Fixed bug in SSH payload length matching (r77)
  • Fixed byte-ordering issues with NTP, DNS and Skype rules (r79)

New Protocols

  • Invalid POP
  • LDAP
  • RTFMP
  • TeamViewer

Improved Protocols

  • BitTorrent UDP
  • DNS
  • Flash
  • Gnutella UDP
  • Invalid SMTP
  • IRC
  • Kademlia
  • NetBIOS
  • POP
  • PPLive
  • RTCP
  • SecondLife
  • SIP
  • Skype
  • SMTP
  • SNMP
  • TLS
  • Traceroute
  • XLSP
  • Xunlei UDP

Removed Protocols

  • Confirmed "Mystery Emule" as Emule traffic, so that has been merged into the Emule ruleset

libprotoident-2.0.0 (2011-03-14)

New Features

  • Massive internal code restructure, designed to make it easier to create and edit protocols.
  • Added priority system for protocols, which determines the order that each set of protocol rules will be run.
  • As a result, the API has changed slightly - see the Developer Documentation for more info.

New Protocols

  • CVS
  • Cisco VPN (TCP)

Improved Protocols

  • MMS
  • UDP Netbios
  • TeamSpeak
  • Quake
  • DNS
  • IRC

Removed Protocols

  • XML and AR files are now included in the file header category, rather than as separate protocols.

Last modified on 08/26/16 14:12:50