Release Notes: This release adds many fixes, more or less important depending on which feature set you use. It's probably the last 2.4 version.
Release Notes: This release adds many fixes and ameliorations related to parsing TCP despite missing/unordered segments.
Release Notes: This release extracts more information from HTTP and provides more robust handling of missing TCP segments.
Release Notes: Many fixes regarding the network events description language, and some minor changes (a smarter deduplication process) and additions (such as a user-agent HTTP field addition to HTTP information).
Release Notes: This release fixes a problem in MIB.
Release Notes: Two new plugins: one to display packet size distribution and another to display duplicates time distribution. Autodiscovery of some protocols (HTTP, SIP, MGCP, FTP, etc.). You can now limit the amount of RAM used by the parsers. With regard to the netmatch language: a subnet type and addition of TCP relative sequence numbers.
Release Notes: Faster deadlock detection. Can replay pcaps in a loop. Can now pass nettrack values to a guile action. More documentation (in doc/). Support for multi-line HTTP headers. Guile files are pre-compiled before installation (see ./configure --help).
Release Notes: A new simpler syntax for packet filters, primitive implementation of a network event tracking language above packet filters, a custom memory allocator that performs marginally better on large networks, OS detection based on p0f, and a new packet deduplication algorithm (autocalibrated).
Release Notes: This release fixes bugs related to Ethernet padding and log and stream buffers.
Release Notes: Compiled packet filters (much faster than tshark filters, but with a somewhat more complex syntax). This release can forward traffic information to another junkie for easier parallelism.