v0.3.9

@dreadl0ck dreadl0ck released this 17 Jan 22:46
· 1501 commits to master since this release

Changelog

Protocols

Many new protocols have been added since the initial release in December 2018,
including OSPF, GRE, IPSec, USB, Geneve, VXLAN, LCM, ModbusTCP, MPLS, BFD, EAP, VRRPv2, CiscoDiscovery and more.

Protobuf serialization performance

Since version 0.3.9, proto serialization is much faster,
thanks to a different code generator (gogo) that generates more efficient code for packing and unpacking the protocol buffers in golang.

With the golang code generator:

$ go test -bench=. -v ./types
=== RUN   TestMarshal
--- PASS: TestMarshal (0.00s)
goos: darwin
goarch: amd64
pkg: github.com/dreadl0ck/netcap/types
BenchmarkMarshal-12      	10000000	       184 ns/op	      64 B/op	       1 allocs/op
BenchmarkUnmarshal-12    	10000000	       160 ns/op	      40 B/op	       2 allocs/op
PASS
ok  	github.com/dreadl0ck/netcap/types	3.830s

With the gogo code generator:

$ go test -bench=. -v ./types
=== RUN   TestMarshal
--- PASS: TestMarshal (0.00s)
goos: darwin
goarch: amd64
pkg: github.com/dreadl0ck/netcap/types
BenchmarkMarshal-12      	20000000	        89.1 ns/op	      64 B/op	       1 allocs/op
BenchmarkUnmarshal-12    	20000000	       110 ns/op	      40 B/op	       2 allocs/op
PASS
ok  	github.com/dreadl0ck/netcap/types	4.215s

However, for this to work, the fields named Size on several audit record structures had to be renamed, because the new code generator emits a function named Size() on each protocol buffer message, which conflicts with a field of the same name.

This breaks backwards compatibility with audit records created with version v0.3.8.
Use the -header flag to check which version was used to create the .ncap dump file.
The new field name is TotalSize.

Payload capture

It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP and USB.

This can be enabled with the -payload flag:

netcap -r traffic.pcap -payload

USB decoding

USB live capture is now possible. Currently the following audit records exist: USB and USBRequestBlockSetup.

To capture USB traffic live on macOS, install Wireshark and bring up the USB interface:

sudo ifconfig XHC20 up

Now attach netcap and set the base layer to USB:

netcap -iface XHC20 -base usb

To read offline USB traffic from a PCAP file use:

netcap -r usb.pcap -base usb

Configurable separators for CSV structures

The separator characters for structs in CSV output mode are now configurable via commandline flags.

The defaults are '(' for opening, '-' as the separator between values and ')' for closing.

type Message struct {
    Text        string
    Secret      bool
    MagicNumber int
}

would appear in CSV like:

(Text-Secret-MagicNumber)

with the concrete field values:

(Hi-true-42)
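To make the struct rendering concrete, here is an added example (not netcap's own code) that renders any flat struct with configurable separators, producing the header and value forms shown above. The Separators type and the check that rejects values containing a separator character are assumptions of this example, illustrating why a value such as "a-b" cannot be emitted unambiguously with the default '-' separator.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Separators configures how a struct is rendered inside a CSV column.
// Defaults follow the release notes: '(' opens, '-' separates, ')' closes.
type Separators struct {
	Open, Sep, Close string
}

var DefaultSeparators = Separators{Open: "(", Sep: "-", Close: ")"}

// Message is the example struct from the release notes.
type Message struct {
	Text        string
	Secret      bool
	MagicNumber int
}

// StructHeader renders the field names of v, e.g. "(Text-Secret-MagicNumber)".
func StructHeader(v interface{}, s Separators) string {
	t := reflect.TypeOf(v)
	names := make([]string, 0, t.NumField())
	for i := 0; i < t.NumField(); i++ {
		names = append(names, t.Field(i).Name)
	}
	return s.Open + strings.Join(names, s.Sep) + s.Close
}

// StructValues renders the field values of v, e.g. "(Hi-true-42)".
// A value containing one of the separator strings is rejected (assumed
// policy for this example), since the output could not be split back safely.
func StructValues(v interface{}, s Separators) (string, error) {
	rv := reflect.ValueOf(v)
	vals := make([]string, 0, rv.NumField())
	for i := 0; i < rv.NumField(); i++ {
		str := fmt.Sprint(rv.Field(i).Interface())
		for _, tok := range []string{s.Open, s.Sep, s.Close} {
			if strings.Contains(str, tok) {
				return "", fmt.Errorf("field %s contains separator %q", rv.Type().Field(i).Name, tok)
			}
		}
		vals = append(vals, str)
	}
	return s.Open + strings.Join(vals, s.Sep) + s.Close, nil
}
```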

Configurable gopacket.DecodeOptions

gopacket's DecodeOptions are now configurable via the commandline; three options exist:

  • lazy (gopacket.Lazy)
  • default (gopacket.Default)
  • nocopy (gopacket.NoCopy)

By default, netcap uses the lazy decoding option.

81144a8 LayerEncoders map contains now an array of encoders, to support multiple encoders for the same layer type
ecbd0ad Merge branch 'master' of github.com:dreadl0ck/netcap
9f1919d Merge pull request #10 from glaslos/mod_lint_clean
5725bf9 OSPF fixes, added handleRawPacketData func
14b5b15 README update
0f175a6 add gopacket.NoCopy to decoding options
0313df1 added ContainsPayloads field to Header and Batch structs
21edc65 added NortelDiscovery to layerEncoders
61390da added OSPF LSA data to audit records
c232065 added flags for BaseLayer and DecodeOptions
abb2158 added gogo proto code generator for faster protobuf serialization, renamed Size field from several audit records to TotalSize to resolve conflict with generated Size() func
7557ad7 added mac, windows and linux binary releases for all framework components
34c23db added new protocols and source code stats to readme
655a29f added payload flag to preserve payloads for TCP, UDP and USB packets
e013aa5 adjusted logo height
efac59f change sep to dash for better readability
8923641 collector cleanup and comments
9290320 collector cleanup and formatting
90fbb77 fix missing layer encoders
778118a fixed LayerType of BFD
1ab319c fixed build tags for linux
c29bf0b handle error returned by CollectLive
5d7c91a implemented encoding OSPFv2 content section
b0f689c implemented merged LayerEncoders to deal with protocols with multiple versions but one gopacket.LayerType (such as OSPF), LSA type definitions, GRE hotfix, LLDI unified string format
e5e0b5f implemented support for NortelDiscovery
bbb8885 implemented support for CiscoDiscovery protocol
f90198a implemented support for USBRequestBlockSetup
3411f38 join func leftovers
819b045 logo update
9f1ef6b logo update
343e871 logo update
a4d03ee logo update
88fe7ae logo update
7a655d4 logo update
164bb64 made CSV separator symbols configurable for any runmode
708d96c made structure separators in CSV configurable via commandline
33cedce mod support, cleanup and linting
53ee0ab panic if conversion to CSV fails
e2419b4 remove spaces from copying TeX
ea57de3 removed 1 second sleep after printing CSV header
dbf7029 renamed invalidProto func to invalidEncoder
582d271 replaced strings.Join usage with join func
fdc3c3d strings.Join leftovers
e1b4f7c updated README
d57d265 updated commands.yml and TODOs
dd1d330 updated logo
9990442 version bump to v0.3.9