$Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ 2008-07-24 Roy Hills <Roy.Hills@nta-monitor.com> * ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from IEEE website using get-oui and get-iab Perl scripts. * configure.ac: Incremented version to 1.7. 2008-07-11 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.a: Removed reference to RMIF environment variable. arp-scan now uses the value specified with --interface, or if that is not specified, picks an interface with pcap_lookupdev(). * configure.ac: Incremented version to 1.6.4 for pre-release testing. * *.c, *.h: Modified copyright statements to read 2005-2008. 2008-05-03 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Added --pcapsavefile (-W) option to allow received ARP responses to be saved in the specified pcap savefile for later analysis. * TODO: Removed plan to support libpcap 0.7 as just about every system has at least libpcap 0.8, and most have 0.9. * arp-scan.c: changed display_packet() so it displays the source address from the frame header in parens if it is different from the ar$sha address. E.g. 192.168.1.255 ff:ff:ff:ff:ff:ff (00:03:a0:88:eb:a8) Broadcast 2007-12-10 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Change most calls to strtol() to use the new wrapper function Strtol() instead, because this checks for errors. Previously, a non-numeric value would be converted to zero without any error, meaning something like "--snap=xxx" would be silently accepted. Now such invalid inputs results in an error. * arp-scan.c: Added new --vlan (-Q) option to support sending ARP packets with an 802.1Q VLAN tag. Response packets with an 802.1Q tag are decoded and displayed irrespective of this option. 2007-04-17 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.h: Reduced MAX_FRAME from 65536 to 2048 bytes. * arp-scan.c: Add the optional padding in marshal_arp_pkt(), and avoid potential buffer overflow if padding is longer than the remaining buffer size. * arp-scan.c: Changed display_packet() to take ARP structure, extra data and framing type as parmaters passed from callback() to avoid having to call unmarshal_arp_pkt() twice. This also means that we don't need to pass the raw frame to display_packet() now as it has the data in individual variables. * arp-scan.c: Move padding addition to marshal_arp_pkt(). 2007-04-14 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.h, arp-scan.c: Changed MAXIP to MAX_FRAME and changed value to 65536 bytes. This is the maximum allowable frame size, which is used to size read/write buffers. This is much larger than any layer-2 frame. * arp-scan.h: Changed PACKET_OVERHEAD to 18 (6+6+2 ... +4) and MINIMUM_FRAME_SIZE to 46. * arp-scan.h: undefine SYSLOG, as we don't use this any more, and I doubt that anyone else needs it. The syslog functionality may be removed in a future release. 2007-04-13 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Added support for RFC 1042 LLC/SNAP framing with the new --llc (-L) option. 2007-04-12 Roy Hills <Roy.Hills@nta-monitor.com> * Released arp-scan version 1.6. tarball arp-scan-1.6.tar.gz, size 319,566 bytes md5sum eb24303c6eb4d77c3abf23511efce642 2007-04-10 Roy Hills <Roy.Hills@nta-monitor.com> * mt19937ar.c: New file - Mersenne Twister random number generator. * arp-scan.c: Changed random number implementation to use the mersenne twister functions from mt19937ar.c rather than random() from the C library. This improves portability, as random() is not part of standard C. * Updated ieee-oui.txt and ieee-iab.txt from the IEEE website using get-oui and get-iab Perl scripts. 2007-04-08 Roy Hills <Roy.Hills@nta-monitor.com> * utils.c: Removed ununsed function printable(). * arp-scan.c: Added /* NOTREACHED */ comments in appropriate places. Removed uneeded max_iter global variable. Added call to pcap_lib_version() in arp_scan_version(). * configure.ac: Changed check for pcap_datalink_val_to_name() to check for pcap_lib_version() instead. 2007-04-06 Roy Hills <Roy.Hills@nta-monitor.com> * configure.ac: Added checks for strlcat and strlcpy, with replacement functions using the OpenBSD implementations if they are not present. * strlcat.c, strlcpy.c: New source files from the OpenBSD source at http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string * *.c: replaced most calls to strcat and strncat with strlcat, and calls to strcpy and strncpy with strlcpy. Two calls to strncpy remain because the source strings are not null terminated. 2007-04-05 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Check the return status of pcap_dispatch() against -1 rather than < 0 to check for error because the use of pcap_breakloop results in a return status of -2, and this is not an error. Even though we don't use pcap_breakloop, we should still behave correctly if it used in the future. * arp-scan.c: Check return status of inet_pton() seperately against < 0, which indicates and error, and against == 0, which indicates that the string is not a valid address. Previously we handled these together with the comparison <= 0. Also return from add_host() immediately if the host lookup fails. 2007-04-04 Roy Hills <Roy.Hills@nta-monitor.com> * arp-fingerprint: Check that the target host specification is not an IP network or range, and terminate with an error message if it is. Some users have mistakenly tried to use arp-fingerprint against a network, and I want to give a better error message in these cases. * arp-fingerprint: Remove the default "-N" from the arp-scan command line as it is valid to use a hostname. Modified the associated manpage so it agrees with this change. 2007-04-03 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Add ioctl to reduce the bufmod timeout to zero for Solaris (DLPI). This prevents buffering, and ensures that packets are available immediately. This allows arp-scan to work on Solaris (tested on Solaris/SPARC 2.9 with Libpcap 0.9.5). 2007-03-29 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Change help output, so we display the default value for the --bandwidth option, and don't display it for the --interval option (as the latter will always be zero because we use bandwidth by default). Updated arp-scan.1 manpage with the new output. 2007-02-15 Roy Hills <Roy.Hills@nta-monitor.com> * link-dlpi.c: Wrote link-level functions for DLPI. Compiles on Solaris 9, but not fully tested. 2007-01-26 Roy Hills <Roy.Hills@nta-monitor.com> * Updated ieee-oui.txt and ieee-iab.txt from the IEEE website using get-oui and get-iab Perl scripts. 2006-07-26 Roy Hills <Roy.Hills@nta-monitor.com> * Released version 1.5. Tarball details: -rw-rw-r-- 1 rsh nta 298917 2006-07-26 13:50 arp-scan-1.5.tar.gz 85b0e04323ce3a423f60ab905a589856 arp-scan-1.5.tar.gz Version details: $Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ $Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ $Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ $Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ $Id: ChangeLog 13738 2008-07-24 19:02:48Z rsh $ * configure.ac: Incremented version number to 1.5.1 in preparation for post-1.5 changes. 2006-07-24 Roy Hills <Roy.Hills@nta-monitor.com> * ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from IEEE website using get-oui and get-iab Perl scripts. 2006-07-22 Roy Hills <Roy.Hills@nta-monitor.com> * configure.ac: Increased version number to 1.4.5. * README: Added installation instructions. 2006-07-21 Roy Hills <Roy.Hills@nta-monitor.com> * link-bpf.c: New file containing link-level sending functions for BPF as used by BSD OSes. * link-packet-socket.c: Changed socket protocol from SOCK_DGRAM to SOCK_RAW, so the entire Ethernet frame including the header can be controlled. * arp-scan.c: Changed to build entire outgoing frame, rather than just the ARP payload. * arp-scan.c: Modifications to support BPF link-layer. This has been tested on FreeBSD 6.1, OpenBSD 3.9, NetBSD 3.0.1 and Darwin 7.9.0 (MacOS 10.3.9). * arp-scan.c: Changed operation of the --srcaddr option. Now it sets the hardware address in the frame header of outgoing packets without altering the address of the outgoing interface. * link-packet-socket.c, link-bpf.c: Removed set_hardware_address() function, as this is no longer needed with the new operation of the --srcaddr option. 2006-07-11 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c: Removed unneeded gettimeofday() call in add_host(). This increases the host addition rate considerably, so adding a class-A network (2^24 hosts) now takes 15 seconds as opposed to 80 seconds. 2006-07-10 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.h, arp-scan.c: Removed unneeded element "n" from host entry structure. This reduces the per-host memory usage from 32 bytes per host to 28 bytes per host. * mac-vendor.5: New manual page for the mac-vendor.txt file format. 2006-07-03 Roy Hills <Roy.Hills@nta-monitor.com> * link-packet-socket.c: New file containing all functions that use Linux packet socket link layer interface. This moves all the packet-socket implementation dependent to this one file, which should make future porting to other operating systems easier. * arp-scan.c, arp-scan.h: Modified to use link-layer functions in new link-packet-socket.c file. * configure.ac: Increased version number to 1.4.2. 2006-06-28 Roy Hills <Roy.Hills@nta-monitor.com> * arp-scan.c, arp-scan.h: removed the unneeded ip_address union and replaced it with "struct in_addr". As arp-scan is only applicable to IPv4, we don't need to use the union. This change reduces the size of an address from 16 bytes to 4, and reduces the per-host memory usage from 44 bytes/host to 32. * arp-fingerprint: Added Windows Vista Beta 2 fingerprint. 2006-06-27 Roy Hills <Roy.Hills@nta-monitor.com> * configure.ac: Increase version number to 1.4.1 in preparation for future changes. 2006-06-26 Roy Hills <Roy.Hills@nta-monitor.com> * Released version 1.4. This is the first stable version. v1.3 was a beta, and v1.0, 1.1 and 1.2 were NTA Monitor internal versions before it was released under GPL.