Wednesday, December 17, 2008

Updated Software

NetworkMiner -
Ok, been spending a lot of time trying to crash NetworkMiner for the author. Found a nice little bug he had going and a quite a few crashes. All of those are fixed in 0.87 which was recently released. If you are using NetworkMiner I highly recommend updating to the latest version to fix the nasty little bug earlier versions had on saving files.

Satori -
also been spending a lot of time with Erik, author of NetworkMiner, and Jeff (from a private company) on updating the dhcp.xml file schema. Jeff had a lot of good recommendations and has provided a few new fingerprints. Between the 3 of us we updated the schema to a very good 1.0 version I think. I may do an overhaul of it a year or two down the road to add some other functionality into it, but we'll see. Anyway, the new version allows us to group Devices much nicer than before. For Satori it will give me the ability to group Devices across fingerprinting files (dhcp, icmp, tcp) since all 3 have been updated to the new format. Not sure when I'll add the functionality to utilize it, but it is updated along with the removal of a lot of old information in the dhcp.xml file that came from the project. It was nice to have at one point, but since they do not track if it is a dhcp inform/discover/request packet, it doesn't do me any good anymore, so it was removed, along with some other fingerprints I got from files around the same time and did not get everything I needed!

Always looking for new fingerprints. And on that note, I setup an account dhcpfingerprints [AT] specifically for fingerprints, originally for dhcp ones (since that is how most people keep finding out about Satori), but will probably use it for all fingerprints.

No comments: