Chaosreader

File Release Notes and Changelog

Release Name: 0.94

Notes:
chaosreader now has a spinoff program for further SSH analysis - sshkeydata. It is also available from SourceForge.


Changes:
05-May-2004 BDG typos fixed
01-May-2004 BDG chaosreader ver 0.94 released

* Chaosreader is now Perl 5.6 dependent!

* SSH Analysis. Three new files are created for SSH connections: a replay file that prints symbols representing the encrypted packets and their sizes, an HTML version of the replay file, and a keystroke delay data file. The replay file is a Perl program that plays back the session. I've found it's very easy to spot the difference between SSH, X11 SSH, and SCP from the replays. The HTML version is not so exciting as it does not convey the timing delays between packets (keystrokes). The keydata file is created for further analysis by other tools, such as the sshkeydata program. sshkeydata uses several factors from the keydata file to estimate the original commands within the encrypted SSH session. Factors include keystroke number, keystroke delays, command output size and time, etc. So far it can score up to 90% accuracy, something I'd like to improve by using more advanced algorithms (fuzzy classification, Bayesian, etc).

* Command line improvements. Originally chaosreader would print packet information as it processed each and every packet. For a capture file with a few thousand packets this was too much, and has been replaced with a single status line. Getopt::Long is now used to provide alternates to the standard command line switches, e.g., "-H" can now also be written as "--hex" (hooray! I was running out of meaningful letters of the alphabet). I noticed that using Getopt::Long broke an older Perl distribution I had (ActivePerl 5.005); by the looks of the errors, I get the feeling chaosreader is now Perl 5.6 dependent.

* Speed. For large captures chaosreader is now running about 50% faster. I've been tuning the code here and there, and have added the Benchmark module to help.