$Id: CHANGES,v 1.54 2000/12/17 16:39:05 dugsong Exp $ v2.3 Sun Dec 17 11:35:38 EST 2000 - Add VRRP parsing to dsniff, from Eric Jackson . - Require pcap filter argument for tcpkill, tcpnice. - Add Microsoft PPTP MS-CHAP (v1, v2) parsing to dsniff, based on anger.c by Aleph One . - Fix pcAnywhere 7, 9.x parsing in dsniff. - Add -t trigger[,...] flag to dsniff, to specify individual triggers on the command line. - Convert most everything to use new buf interface. - New programs: dnsspoof, msgsnarf, sshmitm, webmitm. - Fix inverted regex matching in *snarf programs. - Consistent arpspoof, macof, tcpnice, tcpkill output. - Rename arpredirect to arpspoof (maintain consistent *sniff, *snarf, *spoof, *spy nomenclature). - Consistent pcap filter argument to dsniff, *snarf programs. - Add trigger for Checkpoint Firewall-1 Session Authentication Agent (261/tcp), as suggested by Joe Segreti . - Add SMTP parsing to dsniff, as requested by Denis Ducamp . - Add rexec and RPC ypserv parsing to dsniff, as requested by Oliver Friedrichs . - Add HTTP proxy auth parsing back to dsniff, it got lost in the shuffle. Reported by Denis Ducamp . - Add NNTPv2 and other AUTHINFO extensions to dsniff. v2.2 Wed Jun 14 00:58:37 EDT 2000 - Rewrite HTTP decoding in dsniff, adding support for QUERY_STRING and x-www-form-urlencoded parsing (various CGI authentication schemes). - Alpha support (libnids and libnet still need to be fixed). - Fix arp discovery in arpredirect on Linux. - Add -m flag to enable automatic protocol detection in dsniff, based on the classic file(1) command by Ian Darwin. - Add TDS (Sybase, Microsoft SQL Server) parsing to dsniff. - Clean up RPC decodes, TCP half-duplex reassembly in dsniff. - New filesnarf program. - Add regular expression matching to mailsnarf. - Add POP support to mailsnarf. v2.1 Thu May 18 16:18:35 EDT 2000 - Add -c flag to specify half-duplex TCP stream reassembly in dsniff (better support for sniffing off switched ports using arpredirect). - Fix > 24 char Meeting Maker passwd parsing in dsniff. - Fix OSPF parsing in dsniff (don't truncate first two chars), as reported by Felix Contreras . - Fix webspy URL ignoring, as reported by Interrupt . v2.0 Tue May 16 13:11:22 EDT 2000 - Major dsniff rewrite, since ppl are actually reading this code. :-) - Add configurable decode triggers to dsniff. - Add dsniff debugging functions, split out decode routines. - Add yppasswd parsing to dsniff. - Rewrite dsniff RPC framework, portmap and NFS mountd decodes. - Make dsniff savefile format portable. - Remove findgw - to be subsumed by dsquat package. - Add PostgreSQL parsing to dsniff. - Add Meeting Maker parsing to dsniff. - Add poppass parsing to dsniff. - Add RIP, OSPF parsing to dsniff. - Fix RSET handling in mailsnarf (from Martin Fredriksson ). v1.8 Sun Apr 9 23:59:46 EDT 2000 - Add SOCKS parsing to dsniff. - Add pcAnywhere parsing to dsniff. - Fix SMB parsing in dsniff. - Add IRC parsing to dsniff. - Add NAI Sniffer parsing to dsniff (from Anonymous). v1.7 Mon Mar 27 16:19:32 EST 2000 - Add -s flag to specify snaplen to dsniff. - Support systems without or dirname(). - Add Microsoft SMB parsing to dsniff. - Add Citrix ICA parsing to dsniff. - Add LDAP parsing to dsniff. - Fix Berkeley mbox format again (\n, not \r\n). - Fix null URI dereference in urlsnarf. - Add Oracle SQL*Net (v2, Net8) parsing to dsniff. - Catch data left on connection close in mailsnarf, urlsnarf, webspy. v1.6 Sun Mar 12 16:25:09 EST 2000 - Support non-glibc Linux systems missing ether_ntoa(). - Unique HTTP auth info by URI dirname in dsniff. - Add Napster parsing to dsniff. - Don't rely on /etc/services for dsniff. - Add AIM, ICQ (v2, v5) parsing to dsniff. - Add CVS pserver parsing to dsniff. - Skip IMAP command tag in dsniff. v1.5 Tue Feb 15 23:22:25 EST 2000 - Fix HTTP proxy support in urlsnarf (from ). - Fix HTTP proxy support in dsniff (from ). - Proper manpages for all programs. - Strip binary nulls in telnet input, in dsniff (doh!). v1.4 Thu Jan 27 12:08:41 EST 2000 - Add verbose flag (-v) to tcpkill, tcpnice. - Add NNTP parsing to dsniff (from Felix von Leitner ). - Fix mailsniff mbox formatting of ^From in message body. - Add HTTP proxy support in dsniff, urlsnarf, webspy. - Fix getopt() usage to be POSIX compliant (s/EOF/-1/). - New tcpnice program. v1.3 Fri Jan 21 02:47:37 EST 2000 - Ported to Solaris (along with libnids :-) - Add Berkeley db(3) output file format to dsniff, as well as restricting logging to unique auth info. - New tcpkill program. - New lame dsniff(8) manpage. - Add DNS lookups (and -n flag to disable) in dsniff, urlsnarf. - Add HTTP Basic Authentication, Referer, User-Agent logging to urlsnarf. - Improve RPC message parsing in dsniff. - Improve SMTP parsing in mailsnarf. - Improve HTTP 1.x parsing in dsniff, urlsnarf, webspy. - Fix IMAP, Rlogin, Telnet option parsing in dsniff (broke them in 1.2). - Add X11 MIT-MAGIC-COOKIE parsing to dsniff. - Don't forget to decode POP SASL username in dsniff (doh!). v1.2 Sat Jan 8 22:36:42 EST 2000 - Ported to FreeBSD (but not tested!). - Add GNU autoconf support. - Add NFS mount parsing / RPC framework to dsniff. - Add -i flag to specify interface to use with dsniff, mailsnarf, urlsnarf, and webspy. v1.1 Tue Dec 21 10:31:42 EST 1999 (re-released) - Make macof loop repeatedly if missing -n argument. - Remove dependencies on unreleased version of libnids. - Make arpredirect restore original ARP mapping on exit. - Ported to Linux & Solaris (but not tested!). v1.0 Fri Dec 17 02:42:42 EST 1999 - First public release.