Data sources and objects captureEtherSensor EtherCAP service:
[*]The Packet Sniffer SDK traffic capture library was updated: TCP connection reconstruction performance is now higher.
[*]Protocol parsing is now faster. Detected TCP sessions for each monitored network adapter are now analyzed in multiple threads simultaneously (the number of threads is equal to the number of CPU * 2).
[*]XMPP protocol parsing algorithm was updated.
[-]An error was fixed which resulted in an exception during the processing of SSL connections.
[-]An error was fixed with unpacking LZ1 attachments in Lotus Notes.
[-]An error was fixed in the processing of PCAP files with packets larger than 1514 bytes.
[-]An error was fixed in BPF filter generation.
Captured objects analysis:
[*]Disk quotas at EtherSensor Analyser startup are now analyzed faster.
[*]The transmission channel for reconstructed objects between the EtherSensor EtherCAP and EtherSensor Analyser services was made 4 times wider.
Please note:
This increases the bandwidth and makes message detection and analysis faster, but hardware requirements to EtherSensor have also increased: 1 GB of RAM is now required. Take this into account when deploying EtherSensor to virtual machines.
[+]Added processing the scheme (GET/PUT/POST) ftp://xxx.xx.xx/, which allows to process/capture files sent/received via FTP OVER HTTP
[+]The following detectors were updated: CV (hh.ru, job-mo.ru, job.ru, rabota.ru, job50.ru, jobsmarket.ru, rabota.mail.ru, rosrabota.ru, superjob.ru), facebook.com, hotmail.com, linkedin.com, livejournal.com, livejournal.ru, loveplanet.ru, mail.ru, my.mail.ru, mamba.ru, meebo.com, moikrug.ru, myspace.com, odnoklassniki.ru, phpbb, pochta.ru, rambler.ru, smsmms, twitter.com, vkontakte.ru, yahoo.com, yandex.ru.
[+]The \data\temp directory for temporary files is now forced to purge at EtherSensor startup.
[-]An error was fixed in the MIME parser: there was a problem with finding boundaries made of '-' characters.
[-]An error was fixed with unpacking data in HTTP queries and responses.
Delivering analysis results to consumer system:
[+]The save-zip option was added to the FTP and FileDrop transport profiles which can be used to compress objects to ZIP files.
Logging:
[+]Functions were added to monitor health and operation of the EtherSensor LotusTXN service.
Configuration console:
[+]The Lotus Notes Transaction Log message extraction service (EtherSensor LotusTXN) can now be managed.
[+]Microolap EtherSensor license and version files can now be added to diagnostic reports.
[+]EtherSensor LotusTXN service performance counters are now displayed.
[+]Yahoo protocol counters are now displayed.
[-]An error was fixed which resulted in memory leaks.
[-]Errors were fixed in EtherSensor service startup, stop and restart configuration.