mammo0
diff --git a/‎ChangeLog
Lines changed: 59 additions & 10 deletions b/‎ChangeLog
Lines changed: 59 additions & 10 deletions
diff --git a/‎PacketParser/CleartextTools/BloomFilter.cs
Lines changed: 12 additions & 12 deletions b/‎PacketParser/CleartextTools/BloomFilter.cs
Lines changed: 12 additions & 12 deletions
diff --git a/‎PacketParser/Events/ParametersEventArgs.cs
Lines changed: 14 additions & 14 deletions b/‎PacketParser/Events/ParametersEventArgs.cs
Lines changed: 14 additions & 14 deletions
diff --git a/‎PacketParser/FileTransfer/FileSegmentAssembler.cs
Lines changed: 0 additions & 28 deletions b/‎PacketParser/FileTransfer/FileSegmentAssembler.cs
Lines changed: 0 additions & 28 deletions
@@ -1,16 +1,65 @@
+NetworkMiner 2.7.1
+	* PacketHandler.cs: Fixed bug related to live sniffing. Thanks to Jeff Rivett for
+	  reporting the issue!
+
+NetworkMiner 2.7
+    * WinPCapWrapper.cs: Changed int pointers to 64 bit values in order to handle WinPcap
+	  and npcap drivers correctly.
+	  Thanks to Jeff Rivett for reporting the issue!
+
+	* Smb2PacketHandler.cs: Added requested SMB2 filename info from SMB2 Create Requests
+	  and error messages from negative SMB2 responses to Parameters tab.
+
+	* Smb2Packet.cs: Better extraction of SMB2 file transfers by extracting End-of-File
+	  values from Smb2CreateResponse.
+
+	* LpdPacket.cs: Added support for Line Printer Daemon Protocol (RFC1179).
+	  Thanks to Hayo Brouwer (of Ricoh) for helping out with capture files!
+
+	* NetworkTcpSession.cs: Modified TCP Keepalive handling to support protocols
+	  that transmit 1 byte TCP payloads containing a 0x00 byte (like LPD).
+
+	* TcpPacket.cs: Changed GetSubPackets function to allow application layer packets
+	  with only one byte of L7 data to be returned.
+
+	* SatoriTcpOsFingerprinter.cs: Improved performance by indexing fingerprints based
+	  on TCP flags.
+
+	* HttpPacketHandler.cs: Generic extraction of files sent with HTTP POST, including
+	  WAP.MMS messages. More files are now extracted from HTTP POST uploads.
+
+	* DnsPacket.cs: Added extraction of TXT records to DNS tab
+
+	* DnsPacket.cs: Added extraction of SRV records to DNS tab
+
+	* NetworkMinerForm.cs: Double-clicking on a file now opens up the file details window
+
+	* ExtractedFileDetailsForm.cs: Added hex viewer to file details window
+
+	* FileStreamAssembler.cs: The file extension is now identified based on the contents
+	  of the file's header (fewer "octet-stream" files, more ".exe" and ".zip" etc.)
+
+	* NetworkMinerForm.cs: Added warning message when trying to open/run an executable
+	  file with right-click -> "Open file"
+
+	* TlsRecordPacket.cs: Extraction of JA3S hashes from TLS Server Hello packets to
+	  Parameters tab and Host Details
+
+	* PcapParser.cs: Added support for nanosecond PCAP files
+
 
 NetworkMiner 2.6
 
-	* KerberosPacketHandler.cs: Better extraction of Salt from Kerberos ERROR packets.
+   * KerberosPacketHandler.cs: Better extraction of Salt from Kerberos ERROR packets.
 
-	* NtlmSspPacketHandler.cs: Added John-the-Ripper formated extraction of LanMan, NTLMv1
-	  and NTLMv2 challenge/response hashes
-	  LanMan example: $LM$A9C604D244C4E99D
-	  NTLMv1 example: $NETNTLM$1122334455667788$B2B2220790F40C88BCFF347C652F67A7C4A70D3BEBD70233
-	  NTLMv2 example: $NETNTLMv2$NTLMV2TESTWORKGROUP$1122334455667788$07659A550D5E9D02996DFD95C87EC1D5$0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000
-	  - LM (hashcat "-m 3000")
-	  - NETNTLM (hashcat "-m 5500")
-	  - NETNTLMv2 (hashcat "-m 5600")
+   * NtlmSspPacketHandler.cs: Added John-the-Ripper formated extraction of LanMan, NTLMv1
+     and NTLMv2 challenge/response hashes
+     LanMan example: $LM$A9C604D244C4E99D
+     NTLMv1 example: $NETNTLM$1122334455667788$B2B2220790F40C88BCFF347C652F67A7C4A70D3BEBD70233
+     NTLMv2 example: $NETNTLMv2$NTLMV2TESTWORKGROUP$1122334455667788$07659A550D5E9D02996DFD95C87EC1D5$0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000
+     - LM (hashcat "-m 3000")
+     - NETNTLM (hashcat "-m 5500")
+     - NETNTLMv2 (hashcat "-m 5600")
 
    * HttpPakcetHandler.cs: Improved extraction of json data sent in HTTP(2) POST requests.
      Now with support for Content-Encoding: gzip
@@ -47,7 +96,7 @@ NetworkMiner 2.6
      attachment filenames.
 
    * SipPacketHandler.cs: SIP chat messages [RFC3428] are extracted to the "Messages" tab.
-     Audio extraction of VoIP calls is still a feature that is exlusively available only
+     Audio extraction of VoIP calls is still a feature that is exclusively available only
 	 in NetworkMiner Professional though.
 
    * HttpPacketHandler.cs and Http2PacketHandler.cs: The HTTP header "Accept-Language" and
 
@@ -27,19 +27,22 @@ public BloomFilter(ICollection<string> wordList) {
             this.indexMask=indexSize-1;
 
             this.bitArray=new BitArray(indexSize, false);//2^24 bits = 16MByte
-            this.nHashFunctions=(int)(0.7*indexSize/wordList.Count);
+            if (wordList.Count == 0)
+                this.nHashFunctions = 1;
+            else
+                this.nHashFunctions=(int)(0.7*indexSize/(wordList.Count));
 
             foreach(string s in wordList)
-                AddWord(s);
+                this.AddWord(s);
             for(int i=0; i<bitArray.Length; i++)
-                if(bitArray[i])
-                    tmpStatFilledValues++;
+                if(this.bitArray[i])
+                    this.tmpStatFilledValues++;
         }
 
         public bool HasWord(string word) {
-            int[] indexes=GetIndexes(word);
+            int[] indexes= this.GetIndexes(word);
             foreach(int index in indexes)
-                if(!bitArray[index])
+                if(!this.bitArray[index])
                     return false;
             return true;
         }
@@ -50,19 +53,16 @@ private int[] GetIndexes(string word) {
             //simple hash method
             for(int i=0; i<indexes.Length; i++) {
                 int hash=(word+i.ToString()).GetHashCode();
-                //indexes[i]=(hash^(hash>>16))&indexMask;
-                indexes[i] = (hash * i * 7) & indexMask;
+                indexes[i] = (hash * i * 7) & this.indexMask;
             }
-            //System.Cry
-
             return indexes;
         }
 
         private void AddWord(string word) {
             word=word.ToLower();
-            int[] indexes=GetIndexes(word);
+            int[] indexes= this.GetIndexes(word);
             foreach(int index in indexes)
-                bitArray[index]=true;
+                this.bitArray[index]=true;
             this.wordCount++;
 
 
 
@@ -17,20 +17,6 @@ public class ParametersEventArgs : EventArgs, System.Xml.Serialization.IXmlSeria
         private ParametersEventArgs() { }//for serialization purposes
 
 
-        [Obsolete]
-        public ParametersEventArgs(long frameNumber, NetworkHost sourceHost, NetworkHost destinationHost, string sourcePort, string destinationPort, IEnumerable<KeyValuePair<string,string>> parameters, DateTime timestamp, string details) {
-            this.FrameNumber = frameNumber;
-            this.SourceHost = sourceHost;
-            this.DestinationHost = destinationHost;
-            this.SourcePort = sourcePort;
-            this.DestinationPort = destinationPort;
-            this.Parameters = new System.Collections.Specialized.NameValueCollection();
-            foreach (KeyValuePair<string, string> kvp in parameters)
-                this.Parameters.Add(kvp.Key, kvp.Value);
-            this.Timestamp = timestamp;
-            this.Details = details;
-        }
-
         public ParametersEventArgs(long frameNumber, NetworkHost sourceHost, NetworkHost destinationHost, FiveTuple.TransportProtocol transport, ushort sourcePort, ushort destinationPort, System.Collections.Specialized.NameValueCollection parameters, DateTime timestamp, string details) : this(frameNumber, sourceHost, destinationHost, transport.ToString() + " " + sourcePort, transport.ToString() + " " + destinationPort, parameters, timestamp, details) {
             //nothing more to add
         }
@@ -46,6 +32,20 @@ private ParametersEventArgs(long frameNumber, NetworkHost sourceHost, NetworkHos
             this.Details=details;
         }
 
+        [Obsolete]
+        public ParametersEventArgs(long frameNumber, NetworkHost sourceHost, NetworkHost destinationHost, string sourcePort, string destinationPort, IEnumerable<KeyValuePair<string, string>> parameters, DateTime timestamp, string details) {
+            this.FrameNumber = frameNumber;
+            this.SourceHost = sourceHost;
+            this.DestinationHost = destinationHost;
+            this.SourcePort = sourcePort;
+            this.DestinationPort = destinationPort;
+            this.Parameters = new System.Collections.Specialized.NameValueCollection();
+            foreach (KeyValuePair<string, string> kvp in parameters)
+                this.Parameters.Add(kvp.Key, kvp.Value);
+            this.Timestamp = timestamp;
+            this.Details = details;
+        }
+
         [Obsolete]
         public ParametersEventArgs(long frameNumber, FiveTuple fiveTuple, bool transferIsClientToServer, System.Collections.Specialized.NameValueCollection parameters, DateTime timestamp, string details) {
             this.FrameNumber = frameNumber;
 
@@ -79,40 +79,12 @@ internal FileSegmentAssembler(string fileOutputDirectory, NetworkTcpSession netw
             this.fiveTuple = networkTcpSession.Flow.FiveTuple;
             this.transferIsClientToServer = transferIsClientToServer;
 
-            /*
-            if (this.fileTransferIsServerToClient) {
-                this.sourceHost = networkTcpSession.ServerHost;
-                this.destinationHost = networkTcpSession.ClientHost;
-                this.sourcePort = networkTcpSession.ServerTcpPort;
-                this.destinationPort = networkTcpSession.ClientTcpPort;
-            }
-            else {
-                this.sourceHost = networkTcpSession.ClientHost;
-                this.destinationHost = networkTcpSession.ServerHost;
-                this.sourcePort = networkTcpSession.ClientTcpPort;
-                this.destinationPort = networkTcpSession.ServerTcpPort;
-            }*/
-
-            /*
-            this.filePath = filePath;
-            this.uniqueFileId = uniqueFileId;
-            this.parentAssemblerList = parentAssemblerList;
-            this.fileStreamAssemblerList = fileStreamAssemblerList;
-            this.fileStreamType = fileStreamType;
-            this.details = details;
-            */
         }
 
         internal FileSegmentAssembler(string fileOutputDirectory, bool transferIsClientToServer, string filePath, string uniqueFileId, FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, PopularityList<string, PacketParser.FileTransfer.FileSegmentAssembler> parentAssemblerList, FileStreamTypes fileStreamType, string details, FiveTuple fiveTuple, string serverHostname)
             : this(fileOutputDirectory, filePath, uniqueFileId, fileStreamAssemblerList, parentAssemblerList, fileStreamType, details, serverHostname) {
             this.fiveTuple = fiveTuple;
             this.transferIsClientToServer = transferIsClientToServer;
-            /*
-            this.sourceHost = sourceHost;
-            this.destinationHost = destinationHost;
-            this.sourcePort = sourcePort;
-            this.destinationPort = destinationPort;
-            */
         }
 
         private FileSegmentAssembler(string fileOutputDirectory, string filePath, string uniqueFileId, FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, PopularityList<string, PacketParser.FileTransfer.FileSegmentAssembler> parentAssemblerList, FileStreamTypes fileStreamType, string details, string serverHostname) {