Releases: kpcyrd/sniffglue

v0.10.1

23 Dec 17:15
  • Add OSX support

v0.10.0 - glue-ser to the metal

21 Dec 20:22
  • The pcap crate has been replaced with direct bindings via pcap-sys to fix a regression caused by a recent libpcap update that makes calling pcap_set_immediate_mode mandatory
  • The documentation and flags have been updated to be more obvious: -v is documented more prominently, and --detailed has been renamed to --debugging since it's mostly used for development
  • Fix a sandbox regression with rust 1.40 on arm
  • Updated dhcp4r dependency that resolves an issue that was found by fuzzing sniffglue
  • The noise filter is now more aggressive towards short packets

v0.9.0 - the internet is full

21 Jun 13:46

Decoders

  • ipv6

General

  • some logging improvements
  • tcp flags are logged now
  • tls decoder is more advanced
  • some seccomp improvements
  • releases are now signed

v0.8.0 - what the fc00::/8

08 Aug 22:45

Decoders

  • cjdns eth beacons (no other sniffer supports this yet!)

Sandboxing

  • The seccomp code that was originally written for sniffglue has been extracted into the syscallz crate

Minor

  • Bump dependencies
  • Fix typo in man page

v0.7.0 - oldschoolcool

01 Jun 17:02

General

  • The old -x flag was removed and replaced with -v that can be supplied multiple times to allow better filtering control
    • None - Only show the most interesting packets
    • -v - Show somewhat interesting packets as well (this is what I use most of the time)
    • -vv - If you're looking really hard
    • -vvv - Show binary packets as well
    • -vvvv - literally everything
  • Some packets that we couldn't parse used to be discarded; those are now logged as well, with a very high noise level

Decoders

  • ssdp
  • dropbox beacons

Sandboxing

  • Raspberry Pi 1 support - seccomp has been ported to armv6
  • Raspberry Pi 2 support - seccomp has been ported to armv7

v0.6.0 - Look ma, no ethernet

22 May 22:32

General

  • Add support to sniff on tun devices
  • Correctly detect packets with null bytes as non-text
  • Refactoring and dependency bumps

v0.5.0 - Actual glue

07 Mar 20:37

General

  • JSON output has been added. You can pipe the output of sniffglue to an arbitrary script that processes the sniffed packets. Like gluing a script to a sniffer.

Bugfixes

  • Some seccomp edge cases have been fixed.

v0.4.0 - 2short

18 Nov 02:52

General

  • The sniffglue internal syscall table has been dropped and replaced by the table in rust-lang/libc.

Security

  • cargo-fuzz found a DoS bug in a dependency that would panic the sniffer. This has been addressed and a regression test has been added.
  • Out of curiosity about what the sandbox looks like from inside an exploited sniffglue process, boxxy-rs has been developed and introduced so you can have a look yourself. This is also used to implement CI tests for the sandbox.
  • The docker image now includes a config file so sniffglue drops privileges inside the container

Fancy

  • To support the effort of reproducible-builds.org, reprotest has been added to the CI system and every release and PR is tested for reproducibility. This also documents how to build sniffglue binaries in a reproducible way.
  • A musl docker container has been built and seccomp has been adjusted to support musl libc.

Contributors

  • @Mrmaxmeier submitted a patch that added missing syscalls to the seccomp filter. Thanks!

v0.3.0 - My name is boxxy

18 Oct 21:34

General

  • If you ever get stuck, we now have a man page!
  • Upgrade to nom3

Decoders

  • arp

Security

  • sandboxing! (x86_64 only) syscalls are disabled in two stages, before and after initialization has completed
  • chroot! shortly before the 2nd seccomp stage is activated, we chroot into an empty folder
  • setuid! after we have opened the device for sniffing (and chrooted), we aren't doing anything that needs special privileges, so we setuid to an unprivileged user.

Keep in mind that seccomp is currently only enabled on x86_64 and chroot/setuid is disabled unless the config at /etc/sniffglue.conf exists.
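
The chroot and setuid steps listed above, in the order described, as an added C example that is not sniffglue's own code (sniffglue is written in Rust). The helper name `enter_jail`, the `/var/empty` path, uid/gid 65534, and the group-dropping and verification steps are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to empty_dir, then drop to an
 * unprivileged uid/gid. Returns 0 on success, -1 on failure (errno set). */
int enter_jail(const char *empty_dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {      /* refuse to "drop" to root */
        errno = EINVAL;
        return -1;
    }
    /* chroot must come first: it needs privileges that setuid gives up. */
    if (chroot(empty_dir) != 0)
        return -1;
    /* Without this, the working directory still points outside the jail. */
    if (chdir("/") != 0)
        return -1;
    /* Groups before uid: after setuid we may no longer change groups. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible instead of trusting return codes. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid || getgid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* The capture device would be opened here, while still privileged. */
    if (enter_jail("/var/empty", 65534, 65534) != 0) { /* assumed path and ids */
        perror("enter_jail");
        return 1;
    }
    /* The second, stricter seccomp stage would be installed at this point. */
    puts("jailed and unprivileged");
    return 0;
}
```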

Fancy

  • Build a docker image and sniff in container setups

v0.2.0 - Print me like one of your french cats

02 Oct 17:02

General

  • Improved pretty printing
  • Output defaults to compact
  • You can now read pcaps you've saved for later with sniffglue -r sniff.pcap
  • If stdout is not a tty, colors are disabled

Fancy stuff

  • Benchmarking support (are we fast yet?)
  • Fuzzing support (are we vuln yet?)