Revision history for Perl extension Net::SinFP.
2.09 Sun Mar 13 12:45:47 CET 2011
- bugfix: in pod for Net::SinFP::Consts
- new signatures (sinfp-20110125.db: 188 signatures)
- NOTE: this should be the last release in 2.xx branch
2.08 Wed Jan 12 15:24:24 CET 2011
- update: new deformation masks
- update: improvements on passive fingerprinting analysis
=> greetz to Goulag Parkinson, IpMorph rulez.
- update: copyright notice
2.07 Fri Dec 24 14:21:08 CET 2010
- bugfix: padding vs payload issue for TCP options
- update: more verbose message on closed/filtered port
- update: copyright notice
- update: mailing list link
- new signatures (sinfp-20101224.db: 158 signatures)
2.06 Mon Dec 18 16:35:25 CET 2006
- bugfix: in passive mode, when a frame has no TCP layer, do not process it
- bugfix: in passive mode, when a user specifies -F, SinFP must use it
- pod: for Result.pm
- examples: now ships with example files in examples/ directory
- tests: more tests (pod consistency, pod coverage)
- new signatures (sinfp-20061218.db, 140 signatures)
2.05 Sat Nov 18 12:40:41 CET 2006
- bugfix: due to changes in Net::Packet 3.xx, now requires version 3.2x
- new signatures (sinfp-20061118.db)
2.04 Sun Nov 5 18:59:48 CET 2006
- Search.pm: new deformation mask added
- new signatures (sinfp-20061101.db)
2.03 Sun Oct 29 21:57:05 CET 2006
- Search.pm: new deformation masks added
- sinfp.pl: default displaying of OS information updated, it is shorter now
- sinfp.pl: new parameter -C, to show complete OS information like old
  behaviour
- new signatures
2.02 Mon Aug 28 19:56:45 CEST 2006
- bugfix: when analyzing an anonymized pcap file
- bugfix: test options length for P2 reply, not P3 reply
- new signatures
2.01 Sun Jul 2 11:52:43 CEST 2006
- bugfix: when a target responds to P2, but not to P1, we craft
  a fake P1 reply
- update: display a warning when a signature is matched in a heuristic mode,
  but not enough TCP options were received from P2 for the match to be
  considered reliable
- new signatures
2.00 Wed Jun 14 23:33:16 CEST 2006
- complete rewrite
- sinfp.db completely reworked
- new tests based on comparison between probe and response (TCP seq/ack
  comparison, IP ID value comparison)
- new matching algorithm, works like a search engine (a problem of finding
  intersection, by applying a deformation mask on keywords), much more
  efficient than in 1.xx branch
- passive fingerprinting much more accurate thanks to new matching algorithm
- possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
- match IPv6 signatures against IPv4 ones
- API changes, not compatible with 1.xx version anymore
- DB schema changes, not compatible with 1.xx version anymore
- many bugfixes
1.02 Wed May 31 18:50:03 CEST 2006
- bugfix: in RST response to a probe when it has some L7 data
- compatibility patches with upcoming Net::Packet 3.00
1.01 Sat May 13 13:03:16 CEST 2006
- sinfp.db: new signatures, bugfix on some
- sinfp.db: now installs in the same directory as sinfp.pl, no need to
  be root anymore
- now uses Class::Gomor::Array instead of Hash
1.00 Mon Mar 13 13:37:01 CET 2006
- sinfp.db: more signatures (IPv4 and IPv6 ones)
- sinfp.db: migration from DBD::SQLite 1.08 to 1.11
- Makefile.PL: now installs sinfp.db into /usr/local/share/sinfp when
  installation is run as root
- Makefile.PL: sinfp.pl, np-anon-pcap.pl, np-read-anon.pl are installed into
  /usr/local/bin if installation is run as root
- SinFP: algorithm to match OSFPs is now quicker (especially in passive mode)
- SinFP: algorithm to match OSFPs is now also a little better
- SinFP: bugfix when running in offline passive mode (now skip non IP frames)
- sinfp.pl: -k parameter to keep generated pcap file (default to not)
  pcap files are especially useful for unknown fingerprints, send
  them to me ;) (use np-anon-pcap.pl to anonymize IPs)
0.92 Mon Jun 20 23:43:53 CEST 2005
- first public release