Release Notes: Two new plugins: one to display packet size distribution and another to display duplicates time distribution. Autodiscovery of some protocols (HTTP, SIP, MGCP, FTP, etc.). You can now limit the amount of RAM used by the parsers. With regard to the netmatch language: a subnet type and addition of TCP relative sequence numbers.
Release Notes: Faster deadlock detection. Can replay pcaps in a loop. Can now pass nettrack values to a guile action. More documentation (in doc/). Support for multi-line HTTP headers. Guile files are pre-compiled before installation (see ./configure --help).
Release Notes: A new simpler syntax for packet filters, primitive implementation of a network event tracking language above packet filters, a custom memory allocator that performs marginally better on large networks, OS detection based on p0f, and a new packet deduplication algorithm (autocalibrated).
Release Notes: This release fixes bugs related to Ethernet padding and log and stream buffers.
Release Notes: The continuation function has been replaced by hooks (with a compatibility per packet hook). This makes it easier to follow protocol behavior. There is support for HTTP chunked transfer encoding.
Release Notes: Compiled packet filters (much faster than tshark filters, but with a somewhat more complex syntax). This release can forward traffic information to another junkie for easier parallelism.
Release Notes: An important bugfix related to connection tracking.
Release Notes: Minor fixes, most of them in the tests.
Release Notes: This release adds a basic HTTP server for those unhappy with the parentheses. The writer plugin can now be scripted from guile. New connection tracking; simpler, with fewer bugs. Packet deduplication is now done per VLAN and/or per ifaces (unless these are collapsed of course). You can use the same logging facility from guile as from C. There is a way to send parsed information to another program via a socket. When replaying a pcap file, you can now patch timestamp with the current time.
Release Notes: The main change is to use Guile 2 instead of the venerable Guile 1.8. This should solve many issues related to multi-threading. Opened network interfaces are now automatically reopened if they go down temporarily.