winsock sniffer

1.0
limited number of frames

1.1
added : socket event oriented

1.2
added : get data beyond ip header (port src/dest)
added : button clean

1.21
added : choose interface

1.22
added : filter (len, ip, proto)

1.23
added : capture analysis

1.25
fixed : minor bugs
added : filter ports

1.29
detailed info (protocol & transport)
added : parsing at the application level:
-137/udp (question only),
-138/udp (type 10,11,12 only),
-139/tcp (request only),
-1433/tcp (login only).

1.30
added : replay frame
added : tcp spoof (with checksum)
added : icmp echo spoof (with checksum)
added : udp spoof (with checksum)

1.31
fixed : tcp syn,ack+syn,rst in tcp spoof
added : application filter 

1.34
added : icmp redirect spoof
added : decode sql (tds 7)
added : decode base 64

1.35
added : save/load standard cap file 

1.36
added : resolve ip

1.37
added : filter DNS
added : filter MSN
added : filter HTTP
fixed : doesn't crash anymore when sniffing too many packets at a time (don't processmessages)
added : rawsocket object created
added : no more decode nor dump during capture
decode filter functions prototype changed

1.38
added : decoder will check the ip checksum and give the correct one if incorrect
added : ip traffic monitor
fixed : push flag=0 and no data caused crashes sometimes...

1.39
filter screen redesigned

1.40
changed : ioctlssocket instead of wsaIOCtlSocket
fixed : buffer for send function up to 64k
added : auto scroll list option
added : refresh list option
added : process priority
fixed : in filter screen (stringlist no more set to nil...)

1.41
added : sql decoder now decodes queries
added : filters and decoders can be set in config.ini

1.42
added : decode edonkey verbs (port 4662)
added : icmp decode type 3 and 5

1.43
fixed : one bug in winpcap mode : last 14 bytes were missing...
added : tsplitter control
added : toolbar in main window
fixed : in statistics more than 10 ip's would crash the app...
added : adapters stats (icmp,tcp,udp)
added : adapters stats graph (proto distribution)
added : ip length filter
added : copy,print,save in all stats graph
added : selection in decoder window will match selection in hexa window
fixed : bug in decoding http data length
fixed : sequence number & id in decoding icmp (ntohs)
added : decode icmp type 4,11,12,18
added : code description for icmp type 3
todo : icmp 17 spoof
added : auto expand for decoder
todo : fix bug with udp within icmp
added : resolve src/dest ip in listview

1.44
added : tcp scanner

1.45
added : network adapters
added : interface cards
modified : network stats modified (ip,tcp,udp,icmp in one screen)
fixed : horizontal splitter
added : iphlpapi dynamic linked on init

1.46
added : layer 2 (winpcap) or layer 3 (raw socket) capture 
added : winpcap api dynamic link
added : arp frames decode (ip src & ip dest)
added : pppoe frames (ip within pppoe)
added : sending packet in layer 2 mode
added : ping tool
added : winpcap drivers installed automatically
added : support for w9x, NT4, w2k, xp, w2k3

v1.47 (feb. 2004)
fixed : selection in decoder window in snoop mode
added : sendarp (iphlpapi)
fixed : send arp reply spoof (winpcap)
added : arp entries
added : network params
changed : stats form redesigned
added : copy ip/mac in arp entries form
changed : arp spoof form redesigned
added : resolve hostname
added : getmac, getlocalip, getlocalhostname
todo  : getgateway

v1.48
added : firewall layer 3 (iphlpapi)
added : copy all to clipboard from main listview
todo : arp delete
todo : change display in L2
changed : load and save all frames: time loaded and saved as well.
added : read cap file and capture have same decode routine
added : decode ftp

v1.49
added : mode promiscuous true/false
added : icmp net mask request (type 17)
added : icmp timestamp request (type 13)
added : decode time in icmp 13/14
added : systray + systray menu
added : delete arp entry
added : arp spoof request & promisc node detect

v1.50
added : tcp client
added : whois client

v1.51
fixed : winpcap no more loaded on startup but on 1st use
fixed : 'winpcap files set to system dir' when winpcap files are installed
added : win32error exception for pcap loadlibrary error or else generic exception
todo  :	custom exception...
added : decode sslv3 content type & handshake type 
added : decode sslv3 handshake protocol
added : netstat, with process name for xp & above
added : F1 will minimize to tray

v1.52
added : treeview display faster
added : kill process in netstat
added : kill tcp entry in netstat
added : set NIC up/down in interface cards
added : ping subnet (multi threaded & resolve)
added : firewall now supports null address
added : tcp spoof : listen to traffic
added : monitor traffic now can use all cards

v1.53
added : dns query (api not dynamically linked yet)
added : wins query
todo  : check reported len (loaded frame <> replayed frame...)
added : tcp scan range
added : udp netbios name service spoof
added : find dhcp servers (with so_broadcast)
added : so_broadcast supported in tcp/udp/icmp spoof
added : so_broadcast supported in wins query
added : decode bootp
changed : udp ports are no more created on startup
todo : ping subnet crashes randomly...
todo : qos

v1.54
added : tcp reset attack
changed : dnsapi.dll dynamically linked on demand (should work again on nt4/9x)
todo : on 9x / nt4, warning about raw socket not working
added : save,copy,print on network monitor
fixed : maximize screen works again (align mode pb...)

v1.55
added : winsock protocols
added : test bandwidth 
todo : set ipforwarding on/off with SetIpStatistics
fixed : bad division in adapter stats
added : mac to ip
added : processmessages in mac to ip

v1.56
added : winsock hooking
added : ws2_32_hook.dll for winsock 2 hooking
added : wsock32_hook.dll for winsock 1 hooking
added : forwarding on/off
changed : icmp.dll dynamically loaded on demand
changed : ws2_32.dll dynamically loaded on init (winsock 2.2)
todo : remove hard links to wsock32.dll (winsock 1.1)
added : get internet ip
added : save/load filters in firewall
added : save to file in netstat form
added : save to file in adapters form
added : save to file in network interface cards form
added : save to file in route print form
added : save to file in arp entries form
added : tracert redesigned + save to file
added : hostname / ip in ping host form
added : hostname / ip in tracert form
added : hostname / ip in tcp scan host form

v1.57
added : http proxy in whois form
added : http proxy in tcp client form
todo : dhcp ack
added : wake up call
added : delete route entry
added : add route entry
added : modify route metric
todo : fix listprocesses-ports
added : proto in config.ini is now used for appli filters
added : display ebcdic (ascii by default)

v1.58
added : resolve all ip protocols (in main listview)
added : tcpip parameters
added : show ip protocols
added : show ethernet protocols
todo : ipv6 support
added : resolve all ethernet protocol (in decoder panel)
changed : udp/tcp ports no longer shown in listview in ethernet mode
changed : ethernet protocol number shown in listview in ethernet  mode
todo : fixed parseip and decode proto
//added : tcp/udp port is resolved to service name in decode view
added : services file included in package : copy in %systemroot%\system32\drivers\etc
added : GetAdapterNames (winpcap) displays error message if failed
added : change network adapter mac address (w2k and up)
added : save to file in decoder view
added : save to clipboard in decoder view
added : decode PPPoe frames in ethernet mode
added : show mac address vendor codes

v1.59
fixed : ports by processes, now works fully on xp/w2k3 (iphlpapi) - nt4/w2k (native api)
added : quick search in mac vendor codes
added : enter key in forms with one button
added : memory cleanup (freemem, closehandle)
fixed : save one frame / load one frame works no matter what the capture mode is
added : smtp client
added : tcp/udp spoof now works in ethernet mode
added : ttl can be set in tcp/udp spoof form
todo : filter engine in raw socket unit
todo : promisc property on raw sniffer object
todo : add advanced filter mode in ethernet mode

v1.60
added : 3 capture mode : raw ip / winpcap / ndis
added : advanced filter mode in ethernet mode
added : in ethernet mode, pcap filter is used
added : play/stop in capture analysis
fixed : smtp client "already connected" error
fixed : tracert, if ip/hostname cannot be resolved no tracert
fixed : timeout no longer freezes app. in tracert
added : start/stop button in tracert
fixed : send not triggered in tcp client if not connected
added : ndisprot service automatically started

v1.61
added : ip sniffer renamed to ip tools (wmi does not like the name sniffer...)
fixed : thread is freed in tracert
fixed : thread is freed after stop in ndis mode
tofix : ndis/readfile  waits for one last packet after thread is stopped
todo : drvipflt ?
added : add ip address (non permanent)
tofix : one thread is created each time ndis is checked
added : 1 thread to monitor ip changed (balloon tips)
added : 1 thread to monitor route changed (balloon tips)
todo : check balloon tips on w2k and below
fixed : app (because of threads?) was preventing end session
fixed : enablerouter is used instead of modifying setipstatistics/dwForwarding
added : mac2ip on a thread
added : ping on a thread
added : resolve ip on a thread
added : resolve hostname on a thread
added : wmi remote lan monitor
added : process/modules with exported/imported functions, unload modules, terminate process
added : netbios names on a thread
todo : nbt names does not free thread

v1.62
changed : delphi 5 to delphi 7
changed : tnmudp to indy components
added : winsquery listens on a thread
added : dhcpfind listens on a thread
fixed : thread.waitfor instruction removed (because of delphi7?)
added : exitthread in all created threads
todo :  dns query(error 87)
fixed : getprocesses is done thru psapi, not thru NtQuerySystemInformation
fixed : winsquery / checkbox for binding udp src port 137 (ok on w2k3 / nok on w2k)
fixed : nbt spoof / checkbox for binding udp src port 138 (ok on w2k3 / nok on w2k)
added : popupmenu synched on tools menu
added : ping handles timeout
added : wmi remote process
fixed : reset to rewrite in save selected/all frames (compiler options?)
added : source ip random ip tcp/icmp/udp spoof

v1.63
added : tcp ping (syn / fin / xmas / null)
added : tcp syn scan
todo : tcp syn scan multi thread
todo : tcp ping range
todo : tcp syn scan range
added : add capture filter in netstat
//added : show socket id in ports by process on nt4/w2k
added : jump to regkey in network cards

v1.64
added : ndis properties
added : netbios names table fixed
added : snmp query
added : Process creation Monitor
added : ICMP Information request
added : dns parser more detailed
todo : add capture filter fix for *.* in netstat
added : message text for dns errors
added : udp tools / mssqlping? 
todo : stop sharedaccess on xp if started? necessary for spoofing
added : winsnmp apis dynamically linked

v1.65 (march 2005)
added : udp tools / ntp client
added : ndis will be grayed out if not installed
added : howto install ndis driver
todo  : capture to file (done for  ndis/winpcap)

v1.66
added : CryptUnprotectdata api added / decrypt password in rdp files
added : decrypt passwords in mdp
added : password reveal
added : dialup password
added : protected storage
todo : lsa secrets (with dll inject)
todo : dialup password dynamic link
todo : protected storage dynamic link

v1.67
added : dialup password dynamic link
fixed : hashes are now correct
added : ntlm hash
added : delete in protected storage
added : refresh in protected storage
added : mac to ip use local arp cache before scanning subnet
added : enum windows server
added : remote execution via wmi
todo : active routes remote
todo : nettomedia table remote
todo : remote properties on windows server

v1.68
added : remote properties on windows server
added : kill remote process via wmi
added : launch computer management from enum windows server
added : shutdown remote windows
added : remote time of day
added : fake net send
todo :  uptime, ports
todo : other ms products cdkeys
todo : snmp scan

v1.69
added : snmp ping
added : memory and vmsize in remote process
added : list of wireless networks in ndis properties
added : exclude non connected card from ndis
added : tcp scan host & range in same window
added : tcp syn scan host & subnet in same window
added : tcp ping host & subnet in same window
added : snmp ping host & subnet in same window
added : ssdp ping
added : parse LLC in 802.3

v1.70
//added : start sharedaccess on XP when spoofing //removed : works only on xp sp1
added : all icmp spoofs function in same window
added : resolve ip/hostname in same window
todo : all sending forms with raw/winpcap/ndis (tcp spoof ok)
todo : check sendit functions (lib/tsniffer unit?)
fixed : send tcp/udp spoof via winpcap (ip.id was wrong, macs were wrong)
//modified : sendit in lib //removed Socket(AF_INET, SOCK_RAW,  PIP_Header(@buf[0]).ip_protocol );
todo : winpcap/ndis has sometimes an incorrect frame len (??)
added : temporary workaround for winpcap/ndis incorrect frame len
todo : ndis read/write at the same time (createfile/openexisting...?)
todo : promiscan
added : flush dns / dns query in same window
todo : tracert / ping in same window

v1.71
added : querydns with more options
added : incomplete snmp decode
added : getnext in snmpget
added : mini mib browser in snmpget
added : syslog client/server
added : snmp get -> snmp get & set
added : snmp ping on a specific community
added : telnet client & server
added : tcp server & client in same window

v1.72
added : sql login test
fixed : mssql ping (data was truncated)
added : tcp/udp bounce
modified : tcp & udp spoof in same form
todo : hexeditor on tcp/udp spoof
added : filter displayed in main window using pcap syntax
added : capture mode displayed in main windows (raw ip, winpcap, ndis)

v1.73
added : additional ndis stats data in ndisstats
added : ndis stats graph	
modified : wins query & locate user in one form
added : decodenbt now decodes query type
added : add arp entry in arp entries form
added : mac dest field added in arp reply
added : arp spoof works with winpcap AND ndis
todo : pnp capabilities of ndis device
todo : implement GetIpAddrTable
todo : implement ndisuio to sniff (not possible : filter 888e frames... and non promisc)
fixed : replay frame was crashing in winpcap mode if not capturing
fixed : ndissniffer frees thread correctly (has to go thru the execute method to be freed)

v1.74
added : exception handled by madshi exception handler. bug report more detailed.
added : new ip is displayed in systray balloon tip

v1.75
added : list of interfaces entries via SNMP
added : snmp switch port mapper / BRIDGE-MIB RFC
added : snmp MAU table (medium attachment unit)
added : goto web site & mail the author
added : export to file from listviews will export columns headers as well
added : default button in many (most?) screens
added : decode IE history
modified : can open cap file with ethernet type only
to do : snmp route table
to do : wmi remote ipconfig
to do : find hidden ports
bug fix : dynamic link to netapi32.dll (should work again on w9x)
added : decode frames with ethernet type=0x2452 (centrino promiscuous)
added : snmp net to media table
added : mac address discovery (ip, mac address, vendor) multi threaded
added : mac prefixes as resources
to do : use pcap to open/save a cap file?
bug fix : click twice on lan monitor was causing an error
bug fix : dump file saved always get a dmp/cap extension
bug fix : dump file is not created when cancel is pushed in the savedialog box
bug fix : invalid selstart or invalid selend fix

v1.76
added : master browser and domain master browser types added in EnumServers
added : enum WTS processes
added : enum WTS sessions
to do : implement WTSWaitSystemEvent
added : impersonate client
bug fix : wmilanmon create form fix
bug fix : save a single frame on toolbar button was using the wrong procedure
added : dhcp release spoof (raw socket, winpcap & ndis)
added : more details on dhcp parsing
bug fix : tcp ack/seq number decoded correctly (network byte to endian byte)
added : time server (tcp & udp)	
added : daytime server (tcp & udp)
modified : dhcp discover uses only one socket
bug fix : filter applies to ndis as well now (same logic as raw sockets)

v1.77
added : dhcp server
added : dhcp options parsing in dhcp discover window
todo : http server
added : follow tcp stream (display text & hexa, modify and save hexa) 

v1.78
added : credential dump (via injection, not via credenumerateA)
bug fix : wins query should not crash anymore (again...)
modified : winsock hook-> one dll only for both winsock version (param via openmap).
modified : winsock hook easier. dll included in main exe as resource.
added : inject dll in processes window
bug fix : follow tcp stream was blocked to 255 frames
bug fix : numeric field allows numerics only
added : decode SMTP & POP3
added : dump process and module from processes window
added : view memory for process and module from processes window
added : display if client is directly connected to internet every time ip changes or route changes
added : event viewer, shared folders, AD users, services MMC from servers window
added : smtp client can send HTML.
added : smtp client automatically retrieves outlook info if available
bug fix : AbstractErrorHandler fix on stats toolbar button click

v1.79
added : tftp server
added : pxe boot options in dhcp server
added : tsize option support in dhcp server
added : can open URL from decode IE History window
fixed : List index out of bounds (4) when "copy all lines to clpbrd"


v1.80
modified : recompiled with jcl 1.95+jvcl 3.00
fixed : exception class   : EZeroDivide, exception message : Floating point division by zero.
added : enum print ports
added : enum print drivers
added : enum drivers
added : enum AT jobs
added : enum scheduled tasks
added : can associate / disassociate a wifi spot from ndis properties form (using ndisuio to set oid)

v1.81
info : sniffing on centrino does not work in promiscuous mode with driver 9.x
added : enum wep keys (xp only via wzcsvc)
fixed : snmp tools work with any community
added : kill process, hook process, add filter in open ports
added : wifi stumbler form
added : stop wzcsvc service in wifi stumbler to set/unset ssid
added : wifi stumbler uses wzcsvc if started (quicker), else set oid=list_scan
todo : implement OID_GEN_MAXIMUM_TOTAL_SIZE & OID_GEN_MAXIMUM_FRAME_SIZE
fixed : snmp rewritten with indy component
fixed : help/goto web site works on w9x
added : get all cdkeys in windows properties
added : get full display name for installed apps in windows properties
added : external scripts can be called from enumsrv passing the hostname as parameter
added : try..except for all udp tools
fixed : ping host does not crash anymore
added : ttl option on ping host.
added : icmp ping with replies<>success are displayed

v1.82
added : tcp scan half connect works with both raw and winpcap mode
added : tcp ping works with both raw and winpcap mode
added : can choose another dns server in dns query form
added : dns query will handle properly dns_type_text entries
fixed : rdp decode works on rdp where password is not at the end of file
added : resolve ip in tcpsyn scan
added : resolve ip in snmp ping scan
added : tiny dns server (only A & PTR type)
fixed : PAGE_READWRITE to PAGE_EXECUTE_READWRITE in dump credentials form
added : open hosts, lmhosts, services file
modified : recompiled with delphi 7.0 build 8.1
