Tranalyzer Original

Category: Network. Tags: network, pcap

Description:

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special emphasis is placed on simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing ultra-large packet dumps. It supports the drill-down process to the very flow of interest, which can then be analysed in depth by tcpdump, Wireshark or by its own text-based packet mode. The program is implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either live-captured from Ethernet interfaces or read from pcap files. The quantity of binary and text-based output of Tranalyzer depends on the enabled plugins, so users can tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.
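The flow-generation and drill-down workflow described above, as an added Python example that is not Tranalyzer's code: it parses a small libpcap capture constructed inline, aggregates the packets into bidirectional 5-tuple flows (the A direction is the side that sent the first packet), flags the two malformed-IPv4 cases the 0.8.7 changelog further down lists (IPv4 header length < 20 bytes, IP total length larger than the captured frame), and turns a selected flow into a BPF filter for tcpdump or Wireshark. The record field names (srcIP, numPktsAB, ...), the status bits and the sample packets are assumptions of this example, not Tranalyzer's output format.

```python
"""Minimal bidirectional flow generator over a libpcap capture (added example, not
Tranalyzer code: the capture, record field names and status bits are this example's own)."""
import struct

ST_SHORT_HDR = 0x1    # IPv4 header length field < 20 bytes
ST_LEN_EXCEEDS = 0x2  # IP total length > bytes actually captured after Ethernet

def ipv4_frame(src, dst, proto, l4, ihl=5, total_len=None):
    """Ethernet+IPv4 frame; ihl / total_len can be forced wrong to build test cases."""
    tl = 20 + len(l4) if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, tl, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def tcp_seg(sport, dport, payload=b""):  # data offset 5, ACK set, checksum left zero
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 65535, 0, 0) + payload

def udp_dgram(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def pcap_bytes(frames, ts0=1_600_000_000):
    """Little-endian libpcap file, microsecond timestamps, link type 1 (Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts0 + i, 0, len(f), len(f)) + f
    return bytes(out)

# Constructed capture: one TCP exchange on port 443, one DNS exchange, an ARP frame,
# a TCP packet whose IHL claims a 16-byte header, and a UDP packet claiming 1500 bytes.
SAMPLE_PCAP = pcap_bytes([
    ipv4_frame("10.0.0.5", "93.184.216.34", 6, tcp_seg(40000, 443, b"GET")),
    ipv4_frame("93.184.216.34", "10.0.0.5", 6, tcp_seg(443, 40000, b"HTTP/1.1")),
    ipv4_frame("10.0.0.5", "93.184.216.34", 6, tcp_seg(40000, 443)),
    ipv4_frame("10.0.0.5", "10.0.0.1", 17, udp_dgram(5353, 53, b"\x00" * 12)),
    ipv4_frame("10.0.0.1", "10.0.0.5", 17, udp_dgram(53, 5353, b"\x00" * 28)),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,
    ipv4_frame("10.0.0.9", "10.0.0.1", 6, tcp_seg(1234, 22), ihl=4),
    ipv4_frame("10.0.0.5", "10.0.0.1", 17, udp_dgram(5353, 53), total_len=1500),
])

def iter_pcap(data):
    """Yield (timestamp, frame) from a little-endian, microsecond-resolution pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        yield ts_sec + ts_usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def parse_ipv4(frame):
    """Return (src, sport, dst, dport, proto, status, l4_len), or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    status, (ver_ihl, _, total_len) = 0, struct.unpack_from("!BBH", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20:                     # corrupt IHL: flag it, still parse the fixed 20 bytes
        status, ihl = status | ST_SHORT_HDR, 20
    if total_len > len(frame) - 14:  # header promises more payload than the frame carries
        status |= ST_LEN_EXCEEDS
    proto, l4 = frame[23], frame[14 + ihl:]
    src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack_from("!HH", l4, 0) if proto in (6, 17) and len(l4) >= 4 else (0, 0)
    return src, sport, dst, dport, proto, status, len(l4)

def generate_flows(pcap):
    """Bidirectional flows keyed on the canonical 5-tuple; A is whichever side sent first."""
    flows = {}
    for ts, frame in iter_pcap(pcap):
        p = parse_ipv4(frame)
        if p is None:
            continue
        src, sport, dst, dport, proto, status, l4_len = p
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))
        rec = flows.setdefault(key, dict(srcIP=src, srcPort=sport, dstIP=dst, dstPort=dport,
                                         l4Proto=proto, first=ts, last=ts, status=0,
                                         numPktsAB=0, numPktsBA=0, numBytesAB=0, numBytesBA=0))
        d = "AB" if (src, sport) == (rec["srcIP"], rec["srcPort"]) else "BA"
        rec["numPkts" + d] += 1
        rec["numBytes" + d] += l4_len
        rec["last"], rec["status"] = ts, rec["status"] | status
    return list(flows.values())

def select_flows(flows, **criteria):
    """Drill-down: keep the flows whose fields equal every given value, e.g. dstPort=53."""
    return [f for f in flows if all(f.get(k) == v for k, v in criteria.items())]

def tcpdump_filter(rec):
    """BPF expression isolating one flow for 'tcpdump -r' or a Wireshark capture filter."""
    name = {6: "tcp", 17: "udp"}.get(rec["l4Proto"], "ip proto %d" % rec["l4Proto"])
    expr = "host %s and host %s and %s" % (rec["srcIP"], rec["dstIP"], name)
    if rec["l4Proto"] in (6, 17):
        expr += " and port %d and port %d" % (rec["srcPort"], rec["dstPort"])
    return expr

if __name__ == "__main__":
    for f in generate_flows(SAMPLE_PCAP):
        print(f, "->", tcpdump_filter(f))
```

Run as a script it prints the three flow records (the DNS flow carries ST_LEN_EXCEEDS from the packet that lied about its length, the port-22 flow carries ST_SHORT_HDR) together with the tcpdump filter that isolates each one. Feeding it a real capture only needs SAMPLE_PCAP replaced by the file's bytes, with the caveat that only little-endian, microsecond pcap with an Ethernet link type is handled; pcapng, nanosecond pcap and IPv6 are out of scope here.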
Last changelog:

Tranalyzer2 Tarantula version 0.8.9lmw1 is out! 11 days ago

* tranalyzer2:
- Added support for long options
- Added support for t1ha hash functions (meson build backend only)
- PLLIST (plugin loading list) can now be specified as absolute path (previously only possible via tranalyzer -b option)
- Removed global.h:
+ C plugins should include "t2Plugin.h" instead
+ C++ plugins should include "t2Plugin.hpp" instead
- Updated MUM-hash to version 3
- Updated uthash to version 2.1.0
- Updated wyhash to final (?) version (Aug. 2020)
- Updated xxhash to version 0.8.0
- Improved computation of padding bytes for IPv4/6 and LLC
- Bugfix in IPv6 fragmentation handling
* bin2txt.[ch]:
- New B2T_NANOSECS flag replaces old and buggy B2T_TIME_IN_MICRO_SECS
- Bugfix in human readable time string (B2T_TIMESTR)
* t2Plugin.h:
- Added T2_PLUGIN_STRUCT_NEW() macro
* arpDecode:
- Flag ARP Probes and Announcements
* ftpDecode:
- Improved data carving capabilities
- Improved plugin report
- Fixed name of carved data
* ircDecode:
- Extensive refactoring
- Extended flow output
- Improved data carving and decoding capabilities
* macRecorder:
- Extended MR_MACLBL to output MAC labels as int, hex or string
- Added src/dstMacLbl to packet mode
- Fixed output of manufacturers in packet mode
* mongoSink, mysqlSink:
- Store MAC and IPv4/6 addresses as requested in bin2txt.h (MAC_FORMAT, MAC_SEP, IP4_FORMAT and IP6_FORMAT)
* nDPI:
- Updated nDPI library to version 3.4
* ospfDecode:
- Added support for OSPFv3
- Improved rospf script to map the network with graphviz
* telnetDecode:
- Improved data carving and decoding capabilities
* tftpDecode:
- Improved plugin report
- Fixed typos in column names
- Extended output of flow and packet mode
* voipDetector:
- Improved plugin report
* New mqttDecode plugin
* t2b2t:
- Added -l option to list the column names from a binary file
* t2conf:
- -L option (edit plugin loading list) does not require --gui option anymore
* t2whois:
- Added T2WHOIS_RANDOM flag in t2whois.h to (de)activate testing of random IPs (and drop the dependency to libbsd)
* t2build/autogen.sh:
- Changed default build backend to meson (with a fallback to autotools-out-of-tree)
- Deprecated autotools build backend
* tawk:
- Improved shark() function (query T2 with wireshark/tshark syntax)
- Added more variables descriptions (-V option): ethType, l4Proto, …
* New t2docker script:
- create and manage Tranalyzer Docker containers
- run T2 commands inside Docker containers
* fpsGplt:
- Added -P/--plot option to directly plot the packet signal
* statGplt:
- Added -P/--plot option to directly plot the signals
- Added --iat/--ps/--ps-iat options to generate specific distributions
* t2plugin:
- Renamed from new_plugin
- Create new C, C++ or Rust plugins
- List existing plugins

andy, 4 years ago (rating: 9)

This tool saved me big time in troubleshooting a routing problem at a customer.

Tranalyzer2 Tarantula version 0.8.8lmw4 is out! 8 months ago

* tranalyzer2:
- Improved error reporting
* macRecorder:
- Updated manuf.txt
* sslDecode:
- Updated sslblacklist.[ct]sv
* t2flowstat:
- Improved and extended replacement of flowstat
* t2whois:
- Fixed -k option to generate KML files
* setup.sh:
- Added missing libbsd-devel and readline-devel dependencies for CentOS/Fedora/Red Hat

Tranalyzer2 Tarantula version 0.8.8lmw2 is out! 9 months ago

* setup.sh: added -C option to check for new releases
* tranalyzer2 (thanks to Diaf Alaeddine for testing this feature):
- Corrected FDURLIMIT mode for unusual bursty traffic
- Added FDLSFINDEX: sub-flows can now have the same findex
* dnsDecode: updated maldomain.txt
* icmpDecode:
- Improved packet mode
- Report aggregated icmpStat in final and monitoring report
- Detect covert channels such as Loki or OpenSSH in ICMP
* macRecorder: updated manuf.txt
* sslDecode: updated sslblacklist.[ct]sv
* autogen.sh/t2build:
- Added -B option to change build backend (autotools, autotools-out-of-tree, cmake, meson)
- Added -G option to select CMake generator
* t2fm: added --reset option
* New tutorial: flow mode

Tranalyzer2 Tarantula version 0.8.8lmw1 is out! 11 months ago

* tranalyzer2, basicFlow, utils:
- Subnet control moved from basicFlow to tranalyzer2
- Subnet routines moved from basicFlow to utils/subnet
- New subnet aggregation mode
- IPv4/6 Tor address labeling
- Updated subnet files
- Fixed subnet, Tor generation
* basicFlow, basicStats, connStat: added support for subnet aggregation mode
* tranalyzer2: fixed bug in SCTP engine
* {dns,ssl}Decode,httpSniffer,tcpStates: use field names in the 'Aggregated ...' report (easier to grep and decode)
* {json,mongo,mysql,psql,sqlite}Sink: added {JSON,MONGO,MYSQL,PSQL,T2_SQLITE}_SELECT options to only output/insert specific fields into the DB
* sqliteSink:
- Automatically grow query buffer as required
- Replaced SQLITE_QRY_LEN with SQLITE_QRY_MAXLEN to control maximum size of query buffer
- Discard flows which could not be deserialized instead of exiting
- Use Tranalyzer -w option as database name
* dnsDecode:
- Report percentage of flows with alarms
- Updated domains blacklist
* entropy: added end report
* fnameLabel: added configuration flags: FNL_LBL, FNL_HASH, FNL_FLNM and FNL_FREL
* geoip:
- Replaced GEOIP_LEGACY configuration flag with GEOIP_LIB=[0,1,2]
- Faster direct MaxMindDB access
- t2mmdb: fast direct request to MaxMindDB
- t2mmdba: convert MaxMindDB to T2 subnet format
* macRecorder:
- Improved MAC labelling
- Updated manufacturers list
- Reduced memory usage
* nDPI: updated nDPI library to version 3.2
* regex_pcre: report percentage of flows with alarms
* sshDecode:
- Added SSH_ALGO to display chosen algorithms
- Added SSH_LISTS to display lists of supported algorithms
- Added SSH_FINGERPRINT to output fingerprints as MD5 or SHA256
- Improved detection of Elliptic Curve Diffie-Hellman Key Exchange
* sslDecode: updated blacklist
* bin2txt: added B2T_NON_IP_STR macro to configure representation of non-IPv4/6 addresses in IP columns
* t2whois: added '-D' option to run as a server
* t2netID: decode T2 hexadecimal country organisation codes (refer to basicFlow and BFO_SUBNET_HEX=1)
* scripts:
- t2_aliases: new t2mmdb and t2netID aliases
- t2build/autogen.sh: new -U option to update databases, blacklists, ...
- t2fm:
+ Added top organisations section
+ Added SSH section with top connections and known HASSH signatures
+ Added --hide-{user,pass,user-pass} options to obfuscate usernames/passwords
+ Added --no-* options to discard specific sections of the report
+ New -NUM (-0, -1, ...) option to control the number of queries to run in parallel
- t2plot: allow for '*' in -s[xyz] options, e.g., -sx '0:*'
- t2utils.sh: new helper functions: find_most_recent_{dir,file}, t2_wget[_n], t2_build_exec, ask_default_{no,yes}

Tranalyzer2 Tarantula version 0.8.7lmw1 is out! 1 year ago

* scripts:
- t2conf, t2test, t2fm, tawk: bugfixes and improvements
- Simplified configuration
* tranalyzer2:
- Flag and handle IP packets with payload length > framing length
- Flag IPv4 packets with header length < 20 bytes
- Fixed column names for REPORT_HIST=1
- Fixed l7Len for OSPFv2
- Added support for Ethernet over MPLS
* arpDecode: fixed detection of gratuitous ARP
* basicFlow: new subnet files, hex coding for country is now 9 bits
* ospfDecode: bugfixes, code hardening
* tcpFlags:
- MPTCP new features, thanks to Theresa (TU Berlin)
- Flag and handle corrupt IPv4 options with length = 0
* regex_pcre: New engine and regfile format

Tranalyzer2 Tarantula version 0.8.6lmw1 is out! 1 year ago

* basicFlow:
- t2whois: new program to query Tranalyzer databases
- New subnet files, country and city configurable
* basicStats: report L2 and L3 biggest talkers
* geoip: updated GeoLite2 database
* macRecorder:
- Report min, max and average MAC pairs per flow
- Updated manuf database
* nDPI: updated nDPI library to version 3.0
* {radius,smtp}Decode: bugfixes
* sctpDecode: merged SCTP_CHNKVAL and SCTP_CHNKSTR
* sshDecode: compute and lookup HASSH fingerprints
* sslDecode: updated blacklist
* t2caplist: added -z and -R options, various fixes
* t2conf: added bash/zsh completion for -D and -G options
* t2plot:
- Added support for drawing histograms (-H and -D options)
- Added -c option to customise chart color
* Tester.py:
- Make sure to restore default configuration when toggle test failed
- New options -S1, -S2 and -J (bit shift and Johnson counter)
- New option -e to ignore compilation errors caused by '#error' macro
- New 't2test' alias to run the tester from anywhere
* fpsGplt:
- fpsEst was merged into fpsGplt as '-j' option
- Improved '-d' option: -d 0|1 is now -d A|B
* protStat:
- Added -C option to not output percentages
- Added -r option to sort in reverse order
- Added -H, -HR and -HH options to control the formatting of numbers
- Added --color[=WHEN] option (default: no color if output redirected)
* t2b2t:
- Utility to convert T2 binary files (renamed from tranalyzer-b2t)
- Automatically compiled when building binSink or socketSink (CONTENT_TYPE=0)
* t2_aliases: new t2b2t and t2whois alias
* setup.sh: added -u/-U option to (not) update the databases

Tranalyzer2 Tarantula version 0.8.5lmw1 is out! 1 year ago

* WINDOWS 10 version
* packetCapture: Bugfix: Fragment hash lookup missing l4proto
* tcpFlags: Bugfixes
- ipFlags: Fragmentation and OSPF checksum calculation
- ipFlags: Min frag flag not at last packet
- Limit pseudo-header calculation: OSPF has no pseudo header
- Packet Mode: relative Seq/Ack Number Calculation
- TCP time option: fix of uptime clock estimation
- WSC value
- Scan Detector
* httpSniffer: robust against corrupted chunked pages

Tranalyzer2 Tarantula version 0.8.4lm2 is out! 1 year ago

* basicFlow: improved subnet files
* dnsDecode: updated blacklists
* geoip: updated GeoLite2 database
* macRecorder: updated manuf database
* sslDecode: updated certificate blacklist

Tranalyzer2 Tarantula version 0.8.2lm2 is out! 2 years ago

* Fix for OSX

Tranalyzer2 Tarantula version 0.8.2lm1 is out! 2 years ago

* New plugin: findexer
* basicFlow:
- Updated IPv4/6 databases
- Flag Tor addresses
* dnsDecode: blacklisted domain names detection
* geoip: updated databases
* nDPI: updated nDPI library to 2.6.0
* pwX: improved detection of HTTP based credentials
* sslDecode: updated JA3/JA3S database and SSL blacklist
* ftpDecode: bugfixes
* tranalyzer2:
- Improved final and monitoring reports
- Improved network aggregation mode IPv4/6
* autogen.sh:
- Faster parallel compilation
- New -P/--profile option
* Simpler control of MAC addresses representation (utils/bin2txt.h):
- MAC_FORMAT: 0: string, 1: hex
- MAC_SEP: separator for MAC addresses as string (default: ":")
* Avoid unnecessary dependency to zlib (*Sink)
* tawk: removed deprecated function bitisset
- Use bitsanyset and bitsallset instead
* Bugfixes and code hardening

Tranalyzer2 Tarantula version 0.8.1lm3 is out! 2 years ago

* More Traffic Mining features in nFrstPkts
* Improved scripts and tutorials (see https://tranalyzer.com/tutorials)
* tcpFlags: minwinsz detection, doc
* telnetDecode: bug fixes
* Minor code refactoring

Tranalyzer2 Tarantula version 0.8.1lm2 is out! 2 years ago

* Fix for older distributions where zlib version < 1.2.9

Tranalyzer2 Tarantula version 0.8.1 is out! 2 years ago

* New plugins: sslDecode (SSL/TLS, including JA3 hash), p0f (OS fingerprinting)
* Improved t2fm: create PDF report from MongoDB or PostgreSQL database
* nFrstPkt: new signal preprocessing features
* New t2plot and traffic mining scripts
* Improved dnsDecode and arpDecode
* txtSink: added option to compress (gzip) the output
* Geo labeling information for packet mode (-s option)
* Check out our tutorials

Ratings (2):
andy (product-maker), Mar 23 2017: 9, excellent
bobby-bob (product-maker), Mar 22 2017: 9, excellent
Details:
License: GPLv3
Version: 0.8.9
Updated: Apr 02 2021
Added: Mar 22 2017