# - tweaked results stats## Revision 0.9.16.11  2004/07/05 22:43:49  pbi# - wrapper classes for results presentations and manipulation# - sndrcv() retry auto adjustment when giving a negative value## Revision 0.9.16.10  2004/07/05 08:53:41  pbi# - added retry option to sndrcv()# - improved debug class# - added ottl() and hops() methods for IPTools class# - improved UDP and ICMP summary()## Revision 0.9.16.9  2004/06/07 16:09:21  pbi# - fix again TCP.answers() and TCPerror.answers()## Revision 0.9.16.8  2004/06/07 16:06:27  pbi# - fixed conf.checkIPsrc behaviour of answers() and hashret() for TCP/UDP/TCPerror/UDPerror# - added conf.debug_match to keep track of unanswered packets in debug.sent and debug.recv## Revision 0.9.16.7  2004/06/07 09:20:43  pbi# - added LEIntField and StrFixedLenField# - added partial PrismHeader support## Revision 0.9.16.6  2004/04/29 15:46:19  pbi# - fixed fragment()## Revision 0.9.16.5  2004/03/31 09:24:43  pbi# - fix nmap fingerprint db parsing to handle the new format (Jochen Bartl)## Revision 0.9.16.4  2004/03/23 08:45:10  pbi# - Support for reading big endian pcap files (Pekka Pietikainen)## Revision 0.9.16.3  2004/02/28 11:12:12  pbi# - got rid of some future warnings (N. Bareil <nbareil@mouarf.org>)# - improved BitField() for arbitrary length bit fields (N. Bareil <nbareil@mouarf.org>)# - NTP protocol (N. Bareil <nbareil@mouarf.org>)## Revision 0.9.16.2  2004/02/22 17:49:51  pbi# added first sketch of a bootp daemon: bootpd()## Revision 0.9.16.1  2004/01/26 18:01:00  pbi# Release 0.9.16## Revision 0.9.15.15  2004/01/26 18:00:08  pbi# - added more text for DNS codes## Revision 0.9.15.14  2004/01/15 13:24:48  pbi# - fixed the case where IP field is a list of nets# - randomize IPID in traceroute() to work better with conf.checkIPsrc=0# - added make_tex_table() and make_lined_table()# - added IPID_count() to identify machines with their IPID# - added sport and dport args to fragleak()## Revision 0.9.15.13  2004/01/11 11:47:07  pbi# - srploop() and srloop() improvements## Revision 0.9.15.12  2004/01/11 01:28:21  pbi# - srloop() and srploop() improvements## Revision 0.9.15.11  2004/01/11 01:07:05  pbi# - srloop() and srploop() improvements## Revision 0.9.15.10  2004/01/10 23:42:58  pbi# - added srloop() and srploop() functions## Revision 0.9.15.9  2004/01/10 23:40:51  pbi# - added## Revision 0.9.15.8  2004/01/09 16:42:42  pbi# - improved send() and sendp() with parameters loop and verbose## Revision 0.9.15.7  2004/01/09 16:04:07  pbi# - fixed ARP opcodes values## Revision 0.9.15.6  2004/01/09 15:53:46  pbi# - added RARP and IARP req/resp description in ARP operation Enum field## Revision 0.9.15.5  2003/12/19 15:54:30  pbi# - added checkIPID and checkIPsrc options in conf to recognize IP in ICMP errors from broken IP stacks (see conf.__doc__)# - changed default TCP source port to 20 (Muahahahah!)# - tweaked TCP summary# - changed default UDP source and destination ports to 53# - created import_hexcap() to copy-paste an hexcap from tcpdump -xX, and get a string to feed IP() or ARP() or whatever# - created make_table() to present results in a table from a list, and functions that map the list to x,y and z=f(x,y).## Revision 0.9.15.4  2003/10/30 16:11:41  pbi# - little enhancements to the DNS packets# - added dyndns_add() and dyndns_del() (rfc2136)# - fixed a format string error (3 times)## Revision 0.9.15.3  2003/10/16 10:41:42  biondi# - redesign summary() method# - fixed Dot11 addresses fields## Revision 0.9.15.2  2003/10/15 14:41:09  biondi# - caching format size (calcsize()) in Field main class# - allow first packet desassembly to fail in SuperSockets, falling back to Raw## Revision 0.9.15.1  2003/10/02 15:24:29  pbi# Release 0.9.15## Revision 0.9.14.8  2003/10/02 15:16:26  pbi# - small fix for p0f_base# - lazy loading for p0f, queso and nmap knowledge databases## Revision 0.9.14.7  2003/10/02 14:14:17  pbi# - added a LongField# - added classes and bonds for 802.11# - added error handling and magic checks for rdpcap()## Revision 0.9.14.6  2003/09/12 14:45:35  pbi# - had Dot11 working## Revision 0.9.14.5  2003/09/12 10:04:05  pbi# - added summary() method to Packet objects## Revision 0.9.14.4  2003/09/12 09:28:28  pbi# - added SNAP protocol# - catched broken pipe exception when shild die in sndrcv()# - fixed default L2socket type in srp() and srp1() (ETH_P_ALL)# - fixed format string in attach_filter()## Revision 0.9.14.3  2003/09/10 08:47:41  pbi# - fixed the fact that bpf filters were generated in cooked mode, and thus did#   not work# - filter on socket type ETH_P_ARP instead of using a bpf filter for ARP replies# - fixed the way of handling the SuperSocket close.# - uniformised the naming for interface parameter : iface instead of iff# - fixed the FutureWarning for long integers# - fixed a typo in 3 format strings (%*i instead of %i)## Revision 0.9.14.2  2003/07/20 00:12:04  pbi# -added "-i any" for tcpdump to compile filters even if they don't work on main interface# - put PPP special case before layer 2 general case in a super socket# - added th filter parameter to L3RawSocket# - added a special case in getmacbyip() when loopback interface is concernet# - added value for RAWIP linktype in pcap capture files## Revision 0.9.14.1  2003/06/25 13:18:23  pbi# Release 0.9.14, from 0.9.13.4## Revision 0.9.13.4  2003/06/25 12:35:57  pbi# - fixed a regression in L3PacketSocket for ppp links## Revision 0.9.13.3  2003/05/31 14:01:12  biondi# - more tweaks on Packet.sprintf(). Added __doc__.## Revision 0.9.13.2  2003/05/31 13:17:42  biondi# - small tweaks in Packet.sprintf()## Revision 0.9.13.1  2003/05/16 13:34:30  pbi# Release 0.9.13## Revision 0.9.12.9  2003/05/16 13:32:38  pbi# - fixed verbose parameter in nmap_fp()## Revision 0.9.12.8  2003/05/16 13:28:49  pbi# - small enhancements in self-documentation# - added early experiemental support for BOOTP and 802.11## Revision 0.9.12.7  2003/05/16 11:25:48  pbi# - added workarroung python bug 643005 (socket.inet_aton("255.255.255.255"))# - use answers() method instead of operator# - added hashret() method : returns a hash that is invariant for a packet and its reply# - use hashret() in sndrcv() for dramatic improvements for matching replies on big set of packets# - change report_ports() to return a string instead of printing## Revision 0.9.12.6  2003/05/16 09:28:40  pbi# - improved the __repr__() method of Packet class## Revision 0.9.12.5  2003/05/12 15:15:02  pbi# - added minttl parameter to traceroute()## Revision 0.9.12.4  2003/05/06 13:39:21  pbi# - Improved random number object (thanks to O. Poyen)## Revision 0.9.12.3  2003/05/06 10:45:27  pbi# - fixed a name overlap on "type" in L2ListenSocket and L3PacketSocket (thanks to E. M. Hopper)## Revision 0.9.12.2  2003/05/06 10:41:58  pbi# - externalized conversion from probes to signature with nmap_probes2sig() use probe results from, say, a pcap file## Revision 0.9.12.1  2003/04/27 10:07:30  pbi# Release 0.9.12## Revision 0.9.11.5  2003/04/27 10:04:03  pbi# - Fixed long int conversion in attach_filter()## Revision 0.9.11.4  2003/04/27 10:00:57  pbi# - rectification in SetGen to unroll Gen instances in lists# - Completed DNS types and qtypes names# - Small tuning in nmap_match_one_sig()# - Parallelized nmap_sig()## Revision 0.9.11.3  2003/04/24 12:47:49  pbi# - removed 4 byte IP string autorecognition. Never used and broken for 4 byte names# - added "islist" flag to fields to distinguish a list value from a list of values# - changed TCP options from dict to list to preserve order and redundancy# - added conf.except_filter, to have every command ignore your own traffic (BPF filter)# - worked in progress for nmap OS fingerprint. Added PU test. Fixed other tests.# - added nmap_sig2txt() to transform a signature to its text form, suitable for nmap base## Revision 0.9.11.2  2003/04/23 21:23:30  pbi# - small fixes in init_queso()# - experimental support of nmap fingerprinting (not complete yet)## Revision 0.9.11.1  2003/04/22 14:38:16  pbi# Release 0.9.11## Revision 0.9.10.8  2003/04/22 14:37:32  pbi# - fixed bug in getmacbyip() using dnet module# - deactivated getmacbyip() using dnet module because it did not resolve unknown IPs# - added some commands listed by lsc()## Revision 0.9.10.7  2003/04/22 13:55:01  pbi# - some getattr/setattr/delattr enhancements## Revision 0.9.10.6  2003/04/22 13:52:00  pbi# - added experimental support for QueSO OS fingerprinting. Has someone a *recent* database ?## Revision 0.9.10.5  2003/04/18 17:45:15  pbi# - improved the completer to complete with protocol fields# - small fix in get_working_if()## Revision 0.9.10.4  2003/04/16 14:53:36  pbi# - added option to include padding or not## Revision 0.9.10.3  2003/04/16 14:35:32  pbi# - added L2dnetSocket()# - improved arping()## Revision 0.9.10.2  2003/04/16 12:40:40  pbi# - fixed the case when the history file does not exist## Revision 0.9.10.1  2003/04/14 15:43:45  pbi# Release 0.9.10## Revision 0.9.9.15  2003/04/14 15:42:47  pbi# - added L3pcapListenSocket# - fixed L3ListenSocket to use ETH_P_ALL instead of ETH_P_IP by default## Revision 0.9.9.14  2003/04/14 14:57:53  pbi# - reworked L3dnetSocket## Revision 0.9.9.13  2003/04/14 13:53:28  pbi# - added completion (rlcompleter) and history support## Revision 0.9.9.12  2003/04/14 10:05:42  pbi# - bugfixed the close() method of some supersockets## Revision 0.9.9.11  2003/04/13 21:41:01  biondi# - added get_working_if()# - use get_working_if() for default interface## Revision 0.9.9.10  2003/04/12 23:33:42  biondi# - add DNS layer (do not compress when assemble, answers() is missing)## Revision 0.9.9.9  2003/04/12 22:15:40  biondi# - added EnumField# - used EnumField for ARP(), ICMP(), IP(), EAPOL(), EAP(),...## Revision 0.9.9.8  2003/04/11 16:52:29  pbi# - better integration of libpcap and libdnet, if available## Revision 0.9.9.7  2003/04/11 15:49:31  pbi# - some tweaks about supersockets close() and __del__() (not satisfied)# - added L3dnetSocket, that use libdnet and libpcap if available## Revision 0.9.9.6  2003/04/11 13:46:49  pbi# - fixed a regression in bitfield dissection# - tweaked and fixed a lot of small things arround supersockets## Revision 0.9.9.5  2003/04/10 14:50:22  pbi# - clean session only if it is to be saved# - forgot to give its name to Padding class# - fixed the NoPayload comparison tests so that they work on reloaded sessions## Revision 0.9.9.4  2003/04/10 13:45:22  pbi# - Prepared the configuration of L2/L3 supersockets## Revision 0.9.9.3  2003/04/08 18:34:48  pbi# - little fix in L2ListenSocket.__del__()# - added doc and options in Conf class# - added promisc support for L3PacketSocket, so that you can get answers to spoofed packets## Revision 0.9.9.2  2003/04/08 17:42:19  pbi# - added extract_padding() method to UDP## Revision 0.9.9.1  2003/04/08 17:23:33  pbi# Release 0.9.9## Revision 0.9.8.9  2003/04/08 17:22:25  pbi# - use cPickle instead of pickle (quicker and works with __getattr__() recursion)# - small fixes on send() and sendp()## Revision 0.9.8.8  2003/04/08 16:48:04  pbi# - EAPOL overload Ether dst with PAE_GROUP_ADDR# - tuning in ports_report()# - tuning in fragleak## Revision 0.9.8.7  2003/04/07 15:32:10  pbi# - uses /usr/bin/env invocation## Revision 0.9.8.6  2003/04/07 14:57:12  pbi# - catch error during payload dissection and consider payload as raw data## Revision 0.9.8.5  2003/04/07 14:43:13  pbi# - srp() becomes srp1() and sr() equivalent for L2 is called srp()# - hastype() Packet methods renamed to haslayer()# - added getlayer() Packet method# - added padding detection for layers that have a length field# - added fragment() that fragment an IP packet# - added report_ports() to scan a machine and output LaTeX report## Revision 0.9.8.4  2003/04/01 11:19:06  pbi# - added FlagsField(), used for TCP and IP# - rfc3514 compliance## Revision 0.9.8.3  2003/03/28 14:55:18  pbi# Added pkt2uptime() : uses TCP timestamp to predict when the machine was booted## Revision 0.9.8.2  2003/03/27 15:58:54  pbi# - fixed sprintf() regression to use attributes from a packet that are not fields (eg: payload)## Revision 0.9.8.1  2003/03/27 15:43:20  pbi# Release 0.9.8## Revision 0.9.7.9  2003/03/27 15:07:42  pbi# - add filter support for sr(), sr1() and srp()# - use filters for getmacbyip() and traceroute() for better reliability under heavy load## Revision 0.9.7.8  2003/03/27 14:45:11  pbi# - better timeout management in sndrcv# - bugfixed sys.exit() imbrication issues# - some self documentation# - added lsc()command## Revision 0.9.7.7  2003/03/26 17:51:33  pbi# - Added IP