This is to announce the release of n2disk 2.6. In this release we have made many changes to the indexing system, adding a new flow-based index that should improve packet retrieval as well as pave the way to the flow + packet + L7 inspection + index integration that will be completed with the next nProbe Cento release, which will happen later this month. This will enable you to find packets based on L7 protocol: for example, you can do “host 192.168.1.3 and l7proto WhatsApp”. Stay tuned for the Cento release.
Finally we would like to ask the community if there is interest in us releasing the code of various n2disk components to let people interact with n2disk. If you have a project/opinion please speak up!
Changelog
- n2disk (recording)
  - Cento integration for metadata import (including L7 proto and flow-ID)
  - Added L7 protocol support to the index (when used in combination with Cento)
  - New flow-based index (-1 2) including support for flow-ID (64-bit)
  - New --not-promisc|-3 flag to capture traffic without promisc mode
  - New --capture-direction|-2 for specifying the capture direction
  - New --packet-slicing option for cutting packets after the specified header
  - Extended -n/-m options: -n/-m -1 means unlimited number of folders/files
  - Support for Ubuntu 16
  - Removed n2disk10gdna, n2disk10gzc is now n2disk10g
- npcapextract (extraction)
  - Extended Fast-BPF filters with L7 support (syntax: l7proto )
  - New -g option to set core affinity for the extraction thread
  - New -s option to set extraction snaplen
  - Filtering improvements: falling back to standard BPF when the extraction filter is not supported by Fast-BPF
  - New -O option to write pcap to stdout (i.e. pipe the result to tshark -i - / wireshark -k -i -)
  - New -0 option to write an empty file on empty result (useful with -O)
  - Support for legacy and new index (both standard with L7 support and flow-based index)
  - Improved extraction with O_DIRECT support
  - Compressed .npcap extraction fix
  - Index file descriptors leak fix
  - Memory leak fix
- Tools
  - New n2membenchmark tool for benchmarking system performance