
Releases: dreadl0ck/netcap

v0.3.9

17 Jan 22:46

Changelog

Protocols

Many new protocols have been added since the initial release in December 2018,
including: OSPF, GRE, IPSec, USB, Geneve, VXLAN, LCM, ModbusTCP, MPLS, BFD, EAP, VRRPv2, CiscoDiscovery and more.

Protobuf serialization performance

Since version 0.3.9, protobuf serialization is much faster,
thanks to a different code generator that generates more efficient Go code for packing and unpacking the protocol buffers.

With the golang code generator:

$ go test -bench=. -v ./types
=== RUN   TestMarshal
--- PASS: TestMarshal (0.00s)
goos: darwin
goarch: amd64
pkg: github.com/dreadl0ck/netcap/types
BenchmarkMarshal-12      	10000000	       184 ns/op	      64 B/op	       1 allocs/op
BenchmarkUnmarshal-12    	10000000	       160 ns/op	      40 B/op	       2 allocs/op
PASS
ok  	github.com/dreadl0ck/netcap/types	3.830s

With the gogo code generator:

$ go test -bench=. -v ./types
=== RUN   TestMarshal
--- PASS: TestMarshal (0.00s)
goos: darwin
goarch: amd64
pkg: github.com/dreadl0ck/netcap/types
BenchmarkMarshal-12      	20000000	        89.1 ns/op	      64 B/op	       1 allocs/op
BenchmarkUnmarshal-12    	20000000	       110 ns/op	      40 B/op	       2 allocs/op
PASS
ok  	github.com/dreadl0ck/netcap/types	4.215s

However, for this to work, the fields named Size on several audit record structures had to be renamed, because the new code generator generates a function named Size() on each protocol buffer.

This breaks backwards compatibility with audit records created with version v0.3.8.
Use the -header flag to check which version was used to create the .ncap dump file.
The new field name is TotalSize.

Payload capture

It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP and USB.

This can be enabled with the -payload flag:

netcap -r traffic.pcap -payload

USB decoding

USB live capture is now possible. Currently, the following audit records exist: USB and USBRequestBlockSetup.

To capture USB traffic live on macOS, install Wireshark and bring up the USB interface:

sudo ifconfig XHC20 up

Now attach netcap and set the base layer to USB:

netcap -iface XHC20 -base usb

To read offline USB traffic from a PCAP file use:

netcap -r usb.pcap -base usb

Configurable separators for CSV structures

The separator characters for structs in CSV output mode are now configurable via command-line flags.

The defaults are '(' for opening, '-' as the separator between values and ')' for closing.

type Message struct {
    Text        string
    Secret      bool
    MagicNumber int
}

would appear in CSV like:

(Text-Secret-MagicNumber)

with the concrete field values:

(Hi-true-42)
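
The flattening described above, written out as an added example (it is not netcap's own code; the Separators type and the Header and Values functions are hypothetical names). It also rejects values that contain one of the separator characters, since a consumer splitting on them would otherwise recover the wrong number of fields:

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Message is the sample struct from the text above.
type Message struct {
	Text        string
	Secret      bool
	MagicNumber int
}

// Separators holds the three configurable characters (hypothetical type).
type Separators struct{ Begin, Sep, End string }

// Header flattens the field names of a struct, e.g. (Text-Secret-MagicNumber).
func Header(v interface{}, s Separators) string {
	t := reflect.TypeOf(v)
	names := make([]string, t.NumField())
	for i := range names {
		names[i] = t.Field(i).Name
	}
	return s.Begin + strings.Join(names, s.Sep) + s.End
}

// Values flattens the field values and returns an error when a value
// contains a separator character, which would make the record ambiguous.
func Values(v interface{}, s Separators) (string, error) {
	rv := reflect.ValueOf(v)
	vals := make([]string, rv.NumField())
	for i := range vals {
		vals[i] = fmt.Sprint(rv.Field(i).Interface())
		if strings.ContainsAny(vals[i], s.Begin+s.Sep+s.End) {
			return "", fmt.Errorf("field %s: %q contains a separator", rv.Type().Field(i).Name, vals[i])
		}
	}
	return s.Begin + strings.Join(vals, s.Sep) + s.End, nil
}

func main() {
	def := Separators{"(", "-", ")"}
	fmt.Println(Header(Message{}, def))
	fmt.Println(Values(Message{"Hi", true, 42}, def))
	fmt.Println(Values(Message{"up-to-date", true, 42}, def)) // constructed value colliding with '-'
}
```
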

Configurable gopacket.DecodeOptions

gopacket's DecodeOptions are now configurable via the command line. Three options exist:

  • lazy (gopacket.Lazy)
  • default (gopacket.Default)
  • nocopy (gopacket.NoCopy)

By default, netcap uses the lazy decoding option.

81144a8 LayerEncoders map contains now an array of encoders, to support multiple encoders for the same layer type
ecbd0ad Merge branch 'master' of github.com:dreadl0ck/netcap
9f1919d Merge pull request #10 from glaslos/mod_lint_clean
5725bf9 OSPF fixes, added handleRawPacketData func
14b5b15 README update
0f175a6 add gopacket.NoCopy to decoding options
0313df1 added ContainsPayloads field to Header and Batch structs
21edc65 added NortelDiscovery to layerEncoders
61390da added OSPF LSA data to audit records
c232065 added flags for BaseLayer and DecodeOptions
abb2158 added gogo proto code generator for faster protobuf serialization, renamed Size field from several audit records to TotalSize to resolve conflict with generated Size() func
7557ad7 added mac, windows and linux binary releases for all framework components
34c23db added new protocols and source code stats to readme
655a29f added payload flag to preserve payloads for TCP, UDP and USB packets
e013aa5 adjusted logo height
efac59f change sep to dash for better readability
8923641 collector cleanup and comments
9290320 collector cleanup and formatting
90fbb77 fix missing layer encoders
778118a fixed LayerType of BFD
1ab319c fixed build tags for linux
c29bf0b handle error returned by CollectLive
5d7c91a implemented encoding OSPFv2 content section
b0f689c implemented merged LayerEncoders to deal with protocols with multiple versions but one gopacket.LayerType (such as OSPF), LSA type definitions, GRE hotfix, LLDI unified string format
e5e0b5f implemented support for NortelDiscovery
bbb8885 implemented support for CiscoDiscovery protocol
f90198a implemented support for USBRequestBlockSetup
3411f38 join func leftovers
819b045 logo update
9f1ef6b logo update
343e871 logo update
a4d03ee logo update
88fe7ae logo update
7a655d4 logo update
164bb64 made CSV separator symbols configurable for any runmode
708d96c made structure separators in CSV configurable via commandline
33cedce mod support, cleanup and linting
53ee0ab panic if conversion to CSV fails
e2419b4 remove spaces from copying TeX
ea57de3 removed 1 second sleep after printing CSV header
dbf7029 renamed invalidProto func to invalidEncoder
582d271 replaced strings.Join usage with join func
fdc3c3d strings.Join leftovers
e1b4f7c updated README
d57d265 updated commands.yml and TODOs
dd1d330 updated logo
9990442 version bump to v0.3.9

v0.3.8

05 Jan 13:38

Changelog

ecff680 added build.sh script to run docker container and extract compiled binary
5b0faee added notes on cross compilation for linux
4ebacd1 added v0.3.7 dist folder
e888edc added windows build tag to collector
af2438c bootstrapped docker container for compiling linux release
ad1dc0d deleted binary release files
2095ebc generated dist
383b098 implemented support for EAPOL and EAPOLKey
8999c33 refactored encoder package level init because the syscall for determining block size is not available on windows
3bd6d26 use not windows build tag to allow compilation on macOS

v0.3.7

31 Dec 16:16

Changelog

724b4c3 Merge branch 'ipsec-support'
7f35c92 VXLAN support
5b8ed13 added basic ipsec support
c55815e added disclaimer to new files
29185bd added dist and readme for v0.3.6
3082acd added geneve to initRecord func
19c2537 added support for geneve protocol
da5ffe4 added support for ipv6 fragments
2b41330 fix layertypes
9067552 implemented BFD encoder
a573aeb implemented LCM encoder
a323bc3 implemented MPLS encoder
41700e8 implemented VRRPv2 encoder
2ffb1e7 implemented modbusTCP encoder
1c653fd implemented ospf v2 and v3 encoders
2d3b720 implemented support for EAP protocol
73253a2 implemented support for FDDI
67dd59e implemented support for GRE protocol
43f7362 implemented support for USB
6a04651 version 0.3.7

v0.3.6

27 Dec 12:50

Changelog

f6a89b9 ignore goreleaser config to avoid dirty state err for integration tests