****************************************************************************************************
Rel. 1.20 Feb 24th, 2008: Wi-Fi is here

Snooper:
- Added decoding of packets with IEEE 802.3 (Win32 and Linux) and 802.11 encapsulation (Linux only, for radiotap, Prism2 and AVS radio headers).
- Added an extra check of the data link type, as only Ethernet V2 and 802.3 (Win32 and Linux) and 802.11 (Linux only) encapsulations are supported.
- Added a header with the version to the log file.
- Added more statistics about captured packets: total and per encapsulation (EthV2, 802.3, 802.11, 802.1Q, MPLS).

PacketInjector:
- Added decoding of packets with IEEE 802.3 and 802.11 encapsulation. The latter are transformed into Ethernet V2 before being injected into the database.
- Added a header with the version to the log file.

SessionTracker:
- In previous releases, the rebuilding process detected a new session when the sequence number of a packet exceeded the expected one by more than an MTU. This is no longer the case.
- Added a header with the version to the log file.
- Added a daily log file called DailyReg.txt where detailed info about every rebuilt session is stored.
- Sessions are grouped in daily folders and stored in sub folders (named according to session params) that contain a .cap raw file and a .L7 file with application layer info (both directions of communication). A daily register was added that reports more detailed info.

Database:
- Added mac_saddr and mac_daddr to table Packet to enhance Wi-Fi capture analysis. Database tables are therefore not compatible with previous releases.

****************************************************************************************************
Rel. 1.10 June 15th, 2007

Snooper:
- Now when a keyword match occurs in a UDP packet, that single packet is flushed to disk.
- Corrected a problem in the config.c module that could cause segmentation faults if a line was not properly terminated.
- Corrected an unforgivable oversight in snooper.c that caused a segmentation fault when Aho-Corasick was selected as the pattern matching algorithm.
- Added extended log info when a keyword is found.
- Implemented affinity: on dual or quad CPU boxes, SN can now run on a selected subset of CPUs.
- When the number of concurrent active sessions (session-number) is set to one, session history is rebuilt by a low priority thread. Under heavy network load, this can avoid losing new incoming packets belonging to that session in case of a keyword match. The bad news is that packet history is not updated until the session terminates.
- The event of information loss due to unavailable sessions (that is, all sessions are already active and a new keyword is detected) now gets logged.
- Now by default both directions of an interesting session are tracked. It is still possible to track only one direction as in the previous version by unmasking parameter session-onedir.
- Added a new parameter session-mindack in order to record zero sized ACK packets.
- Now, if enabled, in L7 mode two probes can communicate with one another by exchanging messages when a new keyword is found or an active session ends. This way, packets belonging to a session can be split over two communication links (session completeness on a link is no longer required in L7 mode). Six new parameters have been added to handle interprobe messages.
- Added a periodic check for changes to the configuration file. In case of modification, snooper reloads the new configuration without having to be manually restarted.

PacketInjector:
- Corrected a problem in the config.c module that could cause segmentation faults if a line was not properly terminated.
- Corrected a problem that caused continuous looping on .cap files that could not be opened offline.
- Added an error condition when the capture directory is missing or inaccessible.
- Implemented affinity: on dual or quad CPU boxes, PI can now run on a selected subset of CPUs.
- A new parameter ftp-host was added to allow uploading of captured files to a remote FTP server. This is an alternative to injecting packets into a remote database.
- Parameters db-user and db-password were renamed to user and password. These credentials can be used for both kinds of remote hosts.
- Added a periodic check for changes to the configuration file. In case of modification, PacketInjector reloads the new configuration without having to be manually restarted.
- Added a new parameter session-mindack to inject zero sized ACK packets too.

SessionTracker:
- Now when a keyword match occurs in a UDP packet, that single packet is flushed to disk if the inspect-udp-pkt parameter is unmasked.
- Corrected a problem in the config.c module that could cause segmentation faults if a line was not properly terminated.
- Corrected a problem in st.c that, under very particular conditions (two sessions having equal parameters and both rebuilt within 1 second), caused the second cap file to be appended to the first.
- Added extended log info when a keyword is found.
- Implemented affinity: on dual or quad CPU boxes, ST can now run on a selected subset of CPUs.
- The directory where rebuilt sessions are placed is now called session-dir.
- Parameters db-user and db-password were renamed to user and password.
- Session rebuild delay is now configurable from 10 to 999 sec (it was previously hardcoded to 60 sec).
- Added a periodic check for changes to the configuration file. In case of modification, SessionTracker reloads the new configuration without having to be manually restarted.
- Now by default both directions of an interesting session are tracked. It is still possible to track only one direction as in the previous version by unmasking parameter session-onedir.
- Added a new parameter merge-sessions-timestamp in order to merge the two directions of a session according to timestamps.

Diagnostic:
A new member was added to the family. It's a log parser that sends email messages when certain events occur (program startup, shutdown, key found or any error).

Database:
- Table TcpSession was renamed Session and a new field ip_proto was appended.
- Three new members were added to the Packet table: tcp_ack, pkttimestampsec and pkttimestampusec, which represent the real packet capture time as sec.microsec (whereas timestamp is the time in seconds when the packet was written to the db).
- Created the SortPkt table in order to merge the two directions of a session according to timestamp (see merge-sessions-timestamp).

****************************************************************************************************
Rel. 1.00 Oct 04th, 2006

The very first release
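The Rel. 1.20 entries above describe four steps: rejecting unsupported data link types, stripping radiotap/Prism2/AVS radio headers from 802.11 captures, rewriting 802.11 data frames into Ethernet V2 before injection (PacketInjector), and counting packets per encapsulation (Snooper statistics). The Python below is a worked example of those steps added here; it is not code from Snooper, PacketInjector or SessionTracker. The DLT numbers are libpcap's, the header layouts follow the radiotap, Prism2 and AVS (WLANCAP) formats, the address mapping follows the To-DS/From-DS table of IEEE 802.11, and all sample frames are constructed inline. It assumes frames carry no trailing FCS and that 802.11 data frames are unencrypted and use LLC/SNAP; protected or non-SNAP frames are reported as undecodable rather than guessed at.

```python
import struct
from collections import Counter

# libpcap data link types (values from pcap/dlt.h)
DLT_EN10MB = 1                  # Ethernet: V2 and 802.3 share this DLT
DLT_IEEE802_11 = 105            # bare 802.11, no radio header
DLT_PRISM_HEADER = 119          # 802.11 behind a Prism2 monitor header
DLT_IEEE802_11_RADIO = 127      # 802.11 behind a radiotap header
DLT_IEEE802_11_RADIO_AVS = 163  # 802.11 behind an AVS (WLANCAP) header

WIFI_DLTS = {DLT_IEEE802_11, DLT_PRISM_HEADER, DLT_IEEE802_11_RADIO, DLT_IEEE802_11_RADIO_AVS}
SUPPORTED_DLTS = WIFI_DLTS | {DLT_EN10MB}
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"  # DSAP/SSAP/ctrl + zero OUI, EtherType follows


def check_link_type(dlt):
    """Data-link-type check: refuse captures this decoder does not understand."""
    if dlt not in SUPPORTED_DLTS:
        raise ValueError("unsupported data link type %d" % dlt)
    return dlt


def strip_radio_header(dlt, frame):
    """Return the bare 802.11 frame behind a radiotap, Prism2 or AVS header."""
    if dlt == DLT_IEEE802_11:
        return frame
    if dlt == DLT_IEEE802_11_RADIO:      # radiotap: version(1) pad(1) len(2, LE) present(4..)
        (length,) = struct.unpack_from("<H", frame, 2)
        return frame[length:]
    if dlt == DLT_PRISM_HEADER:          # Prism2: msgcode(4) msglen(4), LE, normally 144 bytes
        (length,) = struct.unpack_from("<I", frame, 4)
        return frame[length:]
    if dlt == DLT_IEEE802_11_RADIO_AVS:  # AVS: version(4) length(4), BE, normally 64 bytes
        (length,) = struct.unpack_from(">I", frame, 4)
        return frame[length:]
    raise ValueError("not an 802.11 link type")


def wifi_to_ethernet_v2(frame):
    """Rebuild an Ethernet V2 frame from an unencrypted 802.11 data frame with LLC/SNAP.
    Returns None for management/control, protected, or non-SNAP frames (undecodable here)."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds, protected = fc1 & 0x1, (fc1 >> 1) & 0x1, (fc1 >> 6) & 0x1
    if ftype != 2 or protected:
        return None
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:            # WDS frame: fourth address present
        addr4, hdr_len = frame[24:30], 30
    if subtype & 0x8:                # QoS data: 2-byte QoS control field
        hdr_len += 2
    if not to_ds and not from_ds:    # IBSS: DA=addr1 SA=addr2
        da, sa = addr1, addr2
    elif from_ds and not to_ds:      # AP -> station: DA=addr1 SA=addr3
        da, sa = addr1, addr3
    elif to_ds and not from_ds:      # station -> AP: DA=addr3 SA=addr2
        da, sa = addr3, addr2
    else:                            # WDS: DA=addr3 SA=addr4
        da, sa = addr3, addr4
    body = frame[hdr_len:]
    if not body.startswith(LLC_SNAP):
        return None
    return da + sa + body[6:8] + body[8:]   # DA, SA, EtherType, payload


def classify_ethernet(frame):
    """Bucket an Ethernet frame into the encapsulation labels used by the statistics."""
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len < 0x0600:         # below 1536 the field is an 802.3 length
        return "802.3"
    if type_or_len == 0x8100:
        return "802.1Q"
    if type_or_len in (0x8847, 0x8848):
        return "MPLS"
    return "EthV2"


def decode(dlt, frame):
    """Return (encapsulation label, Ethernet-shaped frame or None)."""
    check_link_type(dlt)
    if dlt in WIFI_DLTS:
        return "802.11", wifi_to_ethernet_v2(strip_radio_header(dlt, frame))
    return classify_ethernet(frame), frame


def count_encapsulations(packets):
    """Total and per-encapsulation counters over (dlt, frame) pairs."""
    stats = Counter()
    for dlt, frame in packets:
        stats[decode(dlt, frame)[0]] += 1
        stats["Total"] += 1
    return stats


# Constructed sample frames (not taken from any real capture)
DA, SA, BSSID = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), bytes.fromhex("ccddeeff0011")
IPV4_PAYLOAD = bytes.fromhex("45000014000040004006")
ETH_V2 = DA + SA + b"\x08\x00" + IPV4_PAYLOAD
ETH_8023 = DA + SA + struct.pack("!H", len(IPV4_PAYLOAD)) + IPV4_PAYLOAD
ETH_VLAN = DA + SA + b"\x81\x00\x00\x0a\x08\x00" + IPV4_PAYLOAD
ETH_MPLS = DA + SA + b"\x88\x47\x00\x01\x01\xff" + IPV4_PAYLOAD
# 802.11 data frame, From-DS=1 (AP -> station): addr1=DA, addr2=BSSID, addr3=SA
WIFI_DATA = b"\x08\x02\x00\x00" + DA + BSSID + SA + b"\x10\x00" + LLC_SNAP + b"\x08\x00" + IPV4_PAYLOAD
RADIOTAP_FRAME = b"\x00\x00" + struct.pack("<H", 8) + b"\x00\x00\x00\x00" + WIFI_DATA
PRISM_FRAME = b"\x41\x00\x00\x00" + struct.pack("<I", 144) + b"\x00" * 136 + WIFI_DATA
AVS_FRAME = struct.pack(">II", 0x80211001, 64) + b"\x00" * 56 + WIFI_DATA
```

Run `count_encapsulations([(DLT_EN10MB, ETH_V2), (DLT_IEEE802_11_RADIO, RADIOTAP_FRAME)])` to get the per-encapsulation counters, and `decode(DLT_IEEE802_11_RADIO, RADIOTAP_FRAME)` to see the radiotap frame come back as the same Ethernet V2 frame as ETH_V2. The radio header lengths are read from the headers rather than hardcoded, which is what protects the decoder against drivers that emit radiotap headers of varying size.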