This repository has been archived by the owner on Jan 30, 2021. It is now read-only.
 _   _ _
| \ | | |_ ___  _ __
|  \| | __/ _ \| '_ \
| |\  | || (_) | |_) |
|_| \_|\__\___/| .__/
               |_|
Network Top
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ChangeLog
=========
This is the list of all {significant | noteworthy | major | et al } changes
to the ntop source tree.
The file NEWS contains a chronology of releases and major milestone versions.
3.3
=-=
Removed ./configure in favor of ./autogen.sh - see docs/BUILD-NTOP.txt
3.2
=-=
No info here, sorry
3.1
=-=
Biggies --
New look & feel - cascading menus, different colors and logos.
Platforms - ntop has been developed and tested on the following platforms:
- Linux
- MacOS
- Win32 (Visual C++ 6.0, MinGW should again work)
- Solaris 9 (i86 and sparc)
- FreeBSD (4.9+ and 5.3)
- NetBSD (Single Threaded only) - not tested.
- OpenBSD, HP-UX and AIX have some left-over coding/configure
support, but do not work or have not been tested.
Nothing much to ./configure
Added options:
* Added Packet sampling option.
Startup:
* Parts of ntop configuration now stored in prefs database and can be changed
via the web server (effective on the next run).
Protocols:
* Added SCTP support.
* P2P: BitTorrent.
Internals:
* Lots of minor bug fixes for stability, proper/better function, more error
checking, etc.
* Lots of code reorg - into/out of utils, modules split up, RRD constants
moved into rrdPlugin.h from globals-defines.h, etc.
* Internal split into L3 vs. L4 stuff, common tcp security checks, etc.
* Lots of Win32 and VLAN changes.
* The BufferTooShort() logic did not detect problems due to a change
in the way newer glibc reports overflow. This was corrected and a
number of problems were detected/fixed.
* Single-threaded ntop should again compile and work.
* Reduced some memory requirements.
* Better handling if same host is seen in multiple vlans.
* Running ntop from a file should report the time as that of the last packet.
* FibreChannel NS and OS fingerprints are now cached.
* Host information pages offer packet or byte sort options.
* Removed the FILEDESCRIPTORBUG work-around. This makes ntop again sensitive to
the FreeBSD bug bin/51535. ntop will probably NOT work with FreeBSD versions
4.8 and below nor 5.1.
External tools and data files:
* Ettercap - OS fingerprints updated to Ettercap NG.
* Frozen version of rrd is now 1.0.49.
Plugins:
* Re-writes of netFlow and sFlow plugins.
* Removed nfs plugin.
* New SNMP plugin.
3.0 (was going to be 2.3)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
(Apply Usual-caveats)
Biggies --
IPv6 - code contributed by Olivier Festor <Olivier.Festor at loria.fr> and
Abdelkader Lahmadi <Abdelkader.Lahmadi at loria.fr>
of the MADYNES Research Team (Managing DYnamic NEtworks and Services),
http://madynes.loria.fr/.
FibreChannel and SCSI - code contributed by Dinesh G Dutt <ddutt at cisco.com>
of Cisco.
-x/-X memory limit options - Gianluca Insolvibile <g.insolvibile at cpr.it>
All | Local | Remote selections - Luigi Iotti <luigi at iotti.biz>
Lots of minor bug fixes for stability, proper/better function, more error
checking, etc.
Platforms - ntop has been developed and tested on the following platforms:
- Linux
- MacOS
- Win32 (Visual C++ 6.0, MinGW no longer works after 2.1.3)
- Solaris 8/9 (i86 and sparc)
- FreeBSD (4.x and 5.2)
The web server will deadlock (actually just run incredibly slowly)
unless the --set-pcap-nonblocking option is given at run time.
Lots of credit for wrassling this alligator goes to Michal Meloun
<meloun at miracle.cz> and Stanley Hopcroft <Stanley.Hopcroft at
IPAustralia.Gov.AU>
- NetBSD (Single Threaded only)
- OpenBSD 3.4 (and ONLY 3.4) works thanks to lots of effort by
Julien Touche <julien.touche at lycos.com>
- HP-UX and AIX have some left-over coding/configure
support, but do not work or have not been tested.
Another significant update to ./configure
* auto* tools (automake and autoconf) are no longer required.
* Distributed scripts built with:
automake 1.6.3
Autoconf 2.57
libtool 1.4.2
* Most OS/Distribution/Release specific configuration is in the
configureextra/ directory, in files named according to what they
support: <OS>[<distro>][<release>], e.g. SOLARIS, LINUXredhat8.
* export NTOPCONFIGDEBUG=yes to enable the debug stuff (this
now includes improved tracking of the variables set in the
various steps of the ./configure process).
* export NTOPAUTOREBUID=yes to enable the testing of auto* tool
versions and automatic rebuild - IF YOU HAVE THE TOOLS INSTALLED
of the ./configure scripts.
* linuxrelease script - shared with census - to determine (consistently)
the OS/Distro/Release.
* First time install (i.e. create the directory), warn the user that
the ntop user id (-u xxxxx) must be the owner of the directory and
that s/he will have to chown it.
Removed external tools and required libraries:
* lsof
* gdchart - ntop's graph.c is now a completely self-contained graph
creator sufficient (only) for ntop's needs. (still use the gd library)
External data files
* Handle compressed input files.
* Check file to determine if internal database copies need to be
recreated.
* Check age of dns cache and recreate if it's 'old'.
log (traceEvent) messages
* Lots of small cleanups
* --log-extra
1 adds [file:line] to every message.
2 adds a [MSGIDnnnnnnn] to every message.
These tags should (unlike file:line) be stable across ntop
releases.
Removed compile and run-time options:
* MAKE_MICRO_NTOP
* --ignore-sigpipe
* --throughput-bar-chart
* --dynamic-purge-limits
* --large-network | -C
* --enable-external-tools | -E
Added options:
* --spool-file-path | -Q
Allows specification of alternate directory for the 'temporary' database
files (addressQueue.db, dnsCache.db and macPrefix.db) vs. the 'permanent'
ones (prefsCache.db and ntop_pw.db). If --spool-file-path is not
specified, the value for --db-file-path (-P) (or its CFG_DBFILE_DIR)
default from ./configure is used.
* --disable-instantsessionpurge
Due to a bug, ntop reclassifies a properly closed session to
FLAG_STATE_TIMEOUT. So, at present, ntop doesn't retain session data
for more than a few seconds after the tcp/ip session is terminated.
This corrected behavior is NOT the default, because a large number of
retained sessions can significantly increase the memory usage of the
ntop instance if there are hosts that open/close large #s of sessions
(e.g. a web server).
* (Windows) Now possible to specify the adapter using a numeric identifier
or its name. ntop -h shows list of adapters at end of help text.
* make dnvt and make dnetter now work to download and create the vendor
and Ettercap tables respectively.
Startup:
* ntop tries to be smarter about root/non-root user during startup.
* When ntop is not started as root but it has been installed
with the sticky bit set and root:root as owner, it asks
the root password. If correct, ntop becomes root, does what's
needed, then it changes the uid back to the original user.
* Automatic fall back to our (libiberty) version of getopt_long on
systems where it isn't available in system libraries.
* The various data files can be compressed on disk.
* The various data files are not reloaded if the database file is newer
than the file to load.
* Windows: use pcap_findalldevs() that is the correct way to find devices
with the latest winpcap 3.x.
Security:
* Shed privileges earlier, so that the various files and databases are
read/written as the ntop -u xxxxxx userid, not root.
Internals
* Host hashing removed - no more expands
* Lots of work on threading, better data protection, eliminate
deadlocks, etc.
* Moved the Win32 code closer/more unified with Unix.
* If -g is used, the RRD plugin saves only local hosts
* oui updated to current (IEEE) as of 11Aug2003
* ettercap updated to current (SourceForge) version, dated 08Jul2003
* Added dynamic support for IP-based protocols. This means that protocols
such as OSPF/IGMP are now handled dynamically.
At the moment OSPF/IGMP/IPSEC are "manually" added in main.c.
* Added initial AS (Autonomous System) number support. Several components
(e.g. NetFlow plugin) need to be made AS-aware.
Web Server
* New look for ntop's menus - takes up far less room.
* New 'Log' option shows the last 50 messages ntop sent to the log.
* Show AS numbers on separate page.
* URL security cleanup for better flow - we do not perform processing
on unvalidated (and possibly hostile) data, and we decode %nn values
to their equivalent characters (e.g. %41 becomes A).
* [All][Local Only][Remote Only] options added to most long display lists.
* Update textinfo.html/PR output with new automatically generated lists
of #define symbols. These now automatically #ifdef the symbol so
there should be no undefined symbol problems.
* Drill-down view of unknown protocols.
* MAC addresses are now printed as <hw manufacturer>:XX:XX:XX
netFlow (Plugin)
* netFlow: 'assume high port netflow traffic is ftp' now run time option,
vs. ./configure in 2.2.
* Former ./compile option, --enable-netflowassumeftpdata - is now a run-time
option in the NetFlow plugin.
* Added signal trap in plugin, #define MAKE_WITH_NETFLOWSIGTRAP
rrd (Plugin)
* rrdtool - a frozen and patched copy of rrdtool 1.0.42 is part of ntop
in the myrrd directory. ntop should ignore any installed version.
* Optind is reset to 1 before every getopt_long call - prevent a
random/unpredictable crash inside rrd while parsing options.
* Removed run-time option: --reuse-rrd-graphics.
* Run-time option --enable-largerrdpop is now the default (and only)
supported version.
Note that there is a script @ SourceForge in the user contributed area
to move existing .rrd files into the new structure. Use this script
at your own risk (i.e. backup your data FIRST).
* Permissions for rrd files and directories controlled via plugin
setting.
intop
* Gone. There is a separate, work-in-progress integrated shell
version of ntop, called ntcsh, available from the cvs.
doc
* FAQ has been once again completely updated and revised.
Debugging
* Lots of message cleanup, things that wouldn't compile, etc.
         ____    ____
        |___ \  |___ \
          __) |   __) |
         / __/_  / __/
=-=-=-  |____(_)|_____| =-=-=-=-=-=-=-=-=-=-=-=-=
(Apply Usual-caveats)
Platforms - ntop has been developed and tested on the following platforms
- Linux
- MacOS
- Win32 (MS VC++ 6.0, with some support for MinGW)
- FreeBSD (4.6, 4.7 and 5.0)
- Solaris 8
With other platforms, we've been unable to test (anyone want to pony up
remote root access to systems)? Or, with the assistance of various users
tried and failed. See ./configure --enable-showoses
gdchart et al
- buildAll.sh script has tests for being run in the correct directory.
- buildAll.sh script tests if there is a version of libpng already
installed on the system and deletes the in-tree copy of to prevent
the 1.0.x vs. 1.2.x version conflict.
- Updated in-tree copy of libpng from 1.2.1 to 1.2.4
ntop
- SQL support removed.
- rrd support added (see rrd Plugin below).
- Added ability to configure plugins while inactive.
- Added @<filename> for configuration options.
- Table driven conversion of ip address -> country code replaces
- where available - old gTLD/ccTLD version.
- memory failure trap, allows access to reports after ntop stops
and run time parameter, --disable-stopcap to return to old
behavior.
- Replaced active use of nmap with passive use of ettercap
for OS fingerprinting.
- Automatic creation of problem report skeleton.
- Plugins menu shows plugins disabled due to problems.
- Eliminated (we hope) the requirement for the auto* tools
(autoconf, automake and libtools) to be installed in order
to compile the ntop source.
- Default protocol list (if no -p option) changed to:
FTP=ftp|ftp-data
HTTP=http|www|https|3128 3128 is Squid, the HTTP cache
DNS=name|domain
Telnet=telnet|login
NBios-IP=netbios-ns|netbios-dgm|netbios-ssn
Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2
DHCP-BOOTP=67-68
SNMP=snmp|snmp-trap
NNTP=nntp
NFS=mount|pcnfs|bwnfs|nfsd|nfsd-status
X11=6000-6010
SSH=22
Peer-to-Peer Protocols
----------------------
Gnutella=6346|6347|6348
Kazaa=1214
WinMX=6699|7730
DirectConnect=0 Dummy port as this is a pure P2P protocol
eDonkey=4661-4665
Instant Messenger
-----------------
Messenger=1863|5000|5001|5190-5193
- Internal reorg:
* Almost all structures and typedefs moved into new file,
globals-structtypes.h
* Almost all #define values moved into new file,
globals-defines.h
****AND DOCUMENTED****
- Menu changes:
* "HELP" page added to About menu.
* Plugins moved to Admin menu.
* Data Dump added to Admin menu.
* Totals tab/menu added.
* NetFlow moved from Data Sent/Received menu to Totals menu.
* AS and VLAN options added to IP Protocol menu.
* (Access via About -> Configuration) textinfo.html page with
lots of additional information about ntop's configuration.
- ./configure
* TOTAL REWRITE!!!!
* Many more cases of reconfiguration handled automatically.
* New structure.
* Clearly indicated failure messages.
* Support level for various platforms documented.
* ./configure --enable-showoses to view this.
* Requires automake 1.6+ and autoconf 2.5x+.
* Explicit test for matching auto* tools versions. If those
versions do not match - EXACTLY - then the first time you
run ./configure, ntop will delete and recreate ALL of the
generated files and update autotoolversions. You then
need to run ./configure a SECOND time to do the actual
configuration!
* Added tests for lib64 (ia64) in the library searches
- Parameter changes
* REMOVED: -b | --sql-host
* REMOVED: -j | --border-sniffer-mode (see -b, -g, -o and -z)
* REMOVED: -v | --mysql-host
* REMOVED: -S | --store-mode
* ADDED: -b | --disable-decoders
* ADDED: -g | --track-local-hosts
* ADDED: -o | --no-mac
* ADDED: -z | --disable-sessions
* ADDED: -C | --large-network
* ADDED: --dynamic-purge-limits (Host purge time limit)
* ADDED: --reuse-rrd-graphics
* ADDED: --p3p-cp
* ADDED: --p3p-uri
* ADDED: --xmlfileout
* ADDED: --xmlfilesnap
* ADDED: --xmlfilein
* ADDED: --disable-stopcap
- Unrecognized options are printed with a warning message/hint.
- Misc. enhancements
- traceEvent() message cleanup - many now clearly indicate their cause.
- Added ALWAYS and NOISY class so -t 0 and -t 4 are meaningful and
still show what they have to.
- DEBUG cleanup - multiple options, indicated as xxx_DEBUG in log.
- ntop heartbeat - periodic log messages to show it's still running.
- long options work on all platforms.
- Traps and errors if no password when running in daemon mode.
- Minimum password now 5 characters.
- Python format data dump.
- gdchart watchdog - catches libpng conflicts and other problems and
returns an error graphic to the user.
- Hooks for P3P support (and tolerates AT&T PrivacyBird)
- P2P knowledgeable about Gnutella, Kazaa, WinMX and DirectConnect.
- Knowledgeable about ftp and smtp/pop/imap
- host names are color coded indicating how long ago they were first seen.
- Pie charts made 2D (from 3D) for readability and tiny slices suppressed.
- showPortTraffic report added.
- Human friendly interface names under Windows.
- Additional information during ntop startup (interface type,
daemonizing, etc.).
- ntop will not allow itself to run as root, except if EXPLICITLY
requested via -u root option.
- Added Local Hosts Statistics to Stats menu tab.
- --use-syslog and --set-admin-password warn if they do not have a
provided value (which is often a sign of a missing =).
- Tests for lsof to make sure they're executable and suid root.
- Added Ip protos R->R list
- Memory usage reduction and optimization (e.g. don't allocate space
for obscure counters until you need them, etc.)
- ssl random seed initialization if OS doesn't do it.
- PPPoE encapsulated traffic is now understood.
- Static plugins via ./configure --enable-static-plugins and then
make sntop
- Vendor lookup table moved from static .h to file, with mini
file provided and ability to download full file from IEEE.
- p3p... added parameters to set p3p header values cp= and policyref=
Also added ability to return default p3p file upon request from
browser.
NOTE: there is no sample file provided. This is not an
oversight. After careful consideration, we are not
providing one. The reason is that a .p3p file is
intended to be a legal contract between your site
and your users.
- Limited - VERY LIMITED - i18n support
- Bare bones for a new xml dump facility to dump all internal data.
- Notable performance and bug fixes
- Lots of crash cleanups, buffer overflows, etc.
- Memory leaks repaired
- Fixed deadlock and 'un-locked' mutex problems! Yea Luca!!
netFlow (Plugin)
- netFlow now updates the traffic matrix.
- netFlow has white/black list to control what hosts are updated.
- Accepts v7 flows (converts to v5 for internal processing)
- Added specification of the local network for netFlow devices.
- Fixed double counting of bytes/packets send/received.
- Added an OPTION to count unclassified traffic as ftp-data.
sFlow (Plugin)
- Added specification of the local network for sFlow devices.
rrd (Plugin)
- replaces sql for long-term persistent storage.
- ntop now creates multiple RRA (round robin archives), which
allow for a (user configurable) number of years of daily data
to be recorded.
- ./configure --enable-largerrdpop so .rrd files are created in
a a/b/c/d directory structure vs a.b.c.d (one level) - gets
past the Linux 32K files/directory limit.
- Fixed rrd bug when same host seen on multiple interfaces - made
the files per interface.
intop
- Should work - no promises.
doc
- FAQ has been revised, updated and more than doubled in size.
- ntop-autotools.vsd and .pdf added - shows the flow of auto* tools,
including ./configure and make
         ____   __
        |___ \  / |
          __) | | |
         / __/_ | |
=-=-=-  |____(_)|_| =-=-=-=-=-=-=-=-=-=-=-=-=
(With the caveat that this is based almost exclusively on
my manual reading of the source diffs, here is what's changed
in ntop between 2.0 and 2.1...
The dividing line between major and minor is arbitrary and my
own choices.
The order is arbitrary
-----Burton)
Major items
1. zlib updated to v1.1.4
2. libpng update to v1.2.1
3. intop is largely unsupported. It compiles, but was not tested in v2.1.
4. rmonPlugin moved to /obsolete directory (i.e. no longer supported)
5. wapPlugin moved to /obsolete directory (i.e. no longer supported)
6. sflowPlugin added
7. netflowPlugin added
8. pdaPlugin added
9. myGlobals - a huge # of global items were moved into a single
myGlobals.xxxx structure (New header file is globals.h, removed
from ntop.h, globals-core.h and globals-report.h) (See
initNtopGlobals() in globals-core.c for much of the initialization).
10. Generated charts are returned via the http:// stream instead of
returning the name of a temporary file.
11. The erroneous message "Buffer overflow!" has been replaced by a
BufferTooShort() macro, which gives an appropriate message.
12. Rules removed - ntop-rules.8, event.c, rules.c, rules.h and rules.sample
moved to /obsolete
12a. An /obsolete directory was added for code no longer supported or
even minimally maintained, but perhaps of historical interest.
13. Documentation (ntop.8, ntop.txt and ntop.html) updated to reflect
command line parameter changes.
14. Long options (e.g. --trace-level) added, along with ./configure tests
for getopt_long. Most parallel existing short options, but a few are
unique to long options or (--use-syslog= and --set-admin-password=)
are different from their corresponding short options.
15. Code and ./configure test added to correctly handle endianness
(NTOP_BIG_ENDIAN and/or NTOP_LITTLE_ENDIAN parameters).
16. ntop can now return http:// responses using zlib compression
(HAVE_ZLIB). Test for -lz (specifically gzopen) added to ./configure.
17. (except for WIN32) ntop now prompts the user to set the admin password
on the 1st run, vs. having a fixed (known) value.
18. XML output added to dump reports (emitter.c).
19. A huge number of Segmentation Fault problems were removed by a total
rewrite of the hashing routines, including elimination of the shrinkage
capability. Ntop's pattern of expansion of the hash table was modified
to better reflect real-world usage (see note on textinfo.html page).
Includes things like eliminating notifyPluginsHashResize().
20. URLsecurity updated to handle the RFC1945 set of invalid characters.
21. -j (also --border-sniffer-mode) ****
-j is used when you are starting ntop on a mirrored
interface where you cannot trust MAC addresses.
Note that:
1. -j usually requires you to specify the local network
(-m) as a mirrored interface might have a
wrong/ip-less/private IP address.
2. -j disables some features such as TCP session tracking etc.
In future versions -j will disappear and it will be replaced
with more granular flags for better controlling all these options.
22. -A (accuracy level) switch removed. Code remains in initialize.c
in initGlobalValues() if somebody needs to manually enable this.
23. ntop will not let itself implicitly run as root. To run as root,
with all the risks that entails, you must explicitly give the
-u root command line parameter.
24. netflow.c (the code that creates and sends netflow packets from
ntop to another collector) was re-written to support multiple
flows per packet.
25. A change to the logic allows the protocol file (-p option) to span multiple
lines and ignore comments (anything after a #) in it.
26. (MinGW) ntop now runs as a Windows service. ntop /i installs it, ntop /r
deletes it, ntop /c runs immediately.
For /i and /c, follow them with a normal ntop parameter set, e.g. -i1 -w 3000...
27. Reporting logic was reworked to fix up a bunch of sorting errors.
28. "Service/Port Usage" and "Recently Used Ports" added to host report.
29. syslog(..) call fix - corrected a security issue discussed on BugTraq.
30. Improved ntop's calls to cgi routines.
31. Fixed http:// and https:// handlers so that -w ip:port and -W ip:port bind
only to the selected address.
Minor items
1. gdchart0.94c - buildAll.sh updated to build the subordinate products for Sun
and Mac OS X.
2. Definition of mySQL/postgres table IPtraffic (in database\mySQLdefs.txt and
database\pg_SQLdefs.txt) updated to match code.
3. docs\ files added: BUG_REPORT and 1STRUN.txt
4. html files updated to be both W3C HTML4.01 compliant
(most of them, for those that aren't a w3c alternate file is provided)
and to support both older browsers and style sheets. Makes for messy html, but
it does pass the standards check at w3c.org!
5. Temporary file names for charts are now randomly named
(except under WIN32 which uses the socket #)
6. make ntop.html updated so it works and creates BOTH copies, ntop.html
and html/ntop.html.
7. make install-data-local updated to add $(DESTDIR) for rpm creation.
8. www/Perl/mapper.pl updated for new URL and query format.
9. Bytes Sent & Bytes Rcvd added to icmp Plugin report.
10. Logging of suspicious packets in logger.db (not the storing of packets
themselves, but the message: "Detected overlapping packet fragment [xx->xx]:
fragment id=#, actual offset=#, previous offset=#")
was removed, logger.c moved to /obsolete.
11. vendortable.h updated to an early June 2002 IEEE file.
12. If available (gcc only), and if the -K command line is set, ntop will automatically
generate a backtrace (stack trace) upon a segmentation fault.
13. IBM AIX configuration (enable_shared=no, enable_static=yes) removed.
AM_ENABLE_SHARED made default for all configurations.
14. Option descriptions for ./configure --help made clearer.
15. Test for gethostbyaddr_r added to ./configure and code which uses the right
version is in address.c.
16. pep Plugin is not compiled by default. Requires change to configure.am to
re-enable.
17. ltmain.sh updated for Darwin (MAC OS X).
18. Session specific code moved out of pbuf.c (and other places) into new file,
sessions.c.
19. Threading problem resolved in address.c, resolveAddress() function.
20. cleanupHostEntries() thread now sleeps until specified interval elapses
(caused 100% cpu usage problem).
21. Napster specific coding removed.
22. --throughput-bar-chart option added to allow for BAR vs. AREA charts.
23. Packet TTL pie chart (pktTTLDistribPie()) added to Global Traffic Statistics
report.
24. info.html improved and textinfo.html (suitable for bug reports) added.
25. getHostInfo() moved from pbuf.c to hash.c
26. ntop generates titles, ALT tags on images, etc. on the html pages.
27. favicon.ico added.
28. hostsDistanceChart added to Global Traffic Statistics (based on ttl).
29. hostTrafficDistrib, hostFragmentDistrib, hostTotalFragmentDistrib and
hostIPTrafficDistrib charts added.
30. dumpFlows.html added.
31. Ring buffer (size MAX_NUM_BAD_IP_ADDRESSES) added of addresses which
have sent us bad requests (URLsecurity).
Any request from that IP is ignored for five minutes or until the ring
buffer wraps around.
Note that this is NOT a security issue, we're just choosing to stop
wasting processing cycles for bad guys early in the process instead
of after finding another bad URL. That is, a string of bad ones won't
get anything MORE out of ntop - either a 404 or no response, depending
on the ring buffer. Don't like it? There is a #define constant to
turn it off.
32. HTS - Host Traffic Statistics thread removed.
33. TU - Throughput Update (optional) thread removed.
34. SIH - Scan Idle Hosts (optional) 2nd thread (scanIdleSessionsLoop) removed.
35. DNSAR - DNS Address Resolution (optional) thread permits multiple instances
(MAX_NUM_DEQUEUE_THREADS). ntop ships with this set to 1 and larger values
may not have been well tested.
36. ntop always creates at least one device (a dummy) so that it won't crash
if there are no interfaces. This is most common when using sFlow/netFlow
without local monitoring.
37. myGlobals.pcapLogBasePath (DBFILE_DIR) added to (optional) pcaplog and
ntop-suspicious-pkts output file names.
38. Default protocol list (if no -p option) changed to:
FTP: ftp|ftp-data|
HTTP: http|www|https|3128|
DNS: name|domain|
Telnet: telnet|login|
NBios-IP: netbios-ns|netbios-dgm|netbios-ssn|
Mail: pop-2|pop-3|pop3|kpop|smtp|imap|imap2|
DHCP/BOOTP: 67-68|
SNMP: snmp|snmp-trap|
NNTP: nntp|
NFS: mount|pcnfs|bwnfs|nfsd|nfsd-status|
X11: 6000-6010|
SSH: 22|
Gnutella: 6346|6347|6348|
Morpheus: 1214|
WinMX: 6699|7730|
Audiogalaxy: 41000-41900|
39. scanTimedoutTCPSessions() moved from pbuf.c to sessions.c.
40. updateOSName() moved from pbuf.c to util.c
41. Improvements in handling bootp/dhcp packets.
42. DNS sniffing ignores .arpa responses.
43. A number of longer reports are now paged with prev/next first/last buttons.
44. "Local Subnet Routers" are reported only if we're trusting the MAC
address (i.e. not border sniffer mode).
45. Debug logic, printSession(), printSessions() and printTCPSessions() removed.
46. A "Remote Traffic" section was added to the "IP Protocol Distribution" report.
If ntop is sitting on a backbone or wan link with lots of traffic remote to
remote, this can be interesting. For most users it's useless. (I'm allowed to
dis it, it's my own code -----Burton)
47. A lot of minor name cleanup for consistency (i.e. Rcvd everywhere instead of
some being Received).
48. ICMP statistics ("ICMP Traffic") added to "Info about host" report.
49. Whois link to http://www.radb.net/cgi-bin/radb/whois.cgi added to "Info about
host" report.
50. Host Traffic History added.
51. If SSL is compiled in, but there is no -W command line parameter, an
informational message is printed during startup.
52. Peak throughput calculation - fixed a one period lag, vs. average.
53. Added error messages for allocation and mutexes - to make future
troubleshooting easier.
54. Fix trace level handler so values other than 3 work.
55. updateOSName(), _incrementUsageCounter(), moved from pbuf.c to util.c.
56. Added routines to store plugin settings/preferences in a database
between runs.
57. Fixed up ntop "sleep" routine to handle interrupts.
58. Added note to "Switch NIC" to explain: Note that the netFlow and
sFlow plugins - if enabled - force -M to be set (i.e. they disable
interface merging).
59. Moved usage() from webInterface.c to main.c
60. Hash table extend sizing now parameterized AND explained in ntop.h
61. --no-admin-password-hint option was removed in favor of NO predictable
default and with the -A option to make it cleaner to set the default.
____ ___
POST |___ \ / _ \
__) | | | |
/ __/_ | | |
=-=-=- |____(_)|___/ =-=-=-=-=-=-=-=-=-=-=-=-=
through 12Feb2002
Traffic classification fixed (was classifying most as remote)
through 06Feb2002
sFlowPlugin
through 04Feb2002
Long options: There are now long option name equivalents for all of the ntop options
(e.g. -p and --protocols). Run ntop with a bum option to get the list.
--no-admin-password-hint option, removes the hint on the password entry dialog box
--throughput-bar-chart, makes the throughput charts of bar vs. area type
New pie chart showing the distribution of packet TTS, on the Stats tab, Traffic report
Longer reports are now paged.
If ntop doesn't like an option, it will now tell you what it didn't like:
FATAL ERROR: unknown ntop option, 'xxxx'
Default protocols are added to the monitoring list ONLY if we have nothing from the user.
The list of protocols (-p | --protocols option), if placed into a file, may now be on multiple lines.
The number of IP protocols being monitored was added to the configuration report.
The default protocol list includes three additional peer-to-peers:
handleProtocolList("Gnutella", "6346|6347|6348|");
handleProtocolList("Morpheus", "1214|");
handleProtocolList("WinMX", "6699|7730|");
Idle session timeout (IDLE_SESSION_TIMEOUT) was changed from 30 to 10 minutes.
UDP traffic is handled like TCP traffic - that is: if we know about the lower-numbered port, even if
it's the destination, classify the traffic that way.
Average packet length approximation in the Stats | Traffic report was fixed.
wheel.gif became antenna.gif for DHCP servers.
--border-sniffer-mode (also -j) - for using ntop in a switched environment, where the traffic is
being mirrored for monitoring, this makes ntop less dependent on the MAC addresses.
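An added example (not ntop's code) of the port-list format and the lower-port rule described above. add_protocol() is a hypothetical stand-in for handleProtocolList() that accepts numeric ports and ranges only, and the fallback to the higher port is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char *port_proto[65536];   /* port -> protocol name, NULL if unmonitored */

/* Hypothetical stand-in for handleProtocolList(): registers a spec such as
 * "6346|6347|6348|" or "41000-41900|" and returns the number of ports added,
 * or -1 on a malformed item. Service names (e.g. "nntp") are not resolved. */
int add_protocol(const char *name, const char *spec) {
    int added = 0;
    while (*spec) {
        char *end;
        long lo = strtol(spec, &end, 10), hi = lo;
        if (end == spec) return -1;                      /* item is not a number */
        if (*end == '-') {                               /* range "lo-hi" */
            const char *h = end + 1;
            hi = strtol(h, &end, 10);
            if (end == h) return -1;
        }
        if ((*end != '|' && *end != '\0') || lo < 1 || hi > 65535 || lo > hi)
            return -1;
        for (long p = lo; p <= hi; p++)
            if (!port_proto[p]) { port_proto[p] = name; added++; }  /* first owner wins */
        spec = *end ? end + 1 : end;
    }
    return added;
}

/* Classify a TCP or UDP flow: the lower-numbered port is looked up first,
 * whether it is the source or the destination. The fallback to the higher
 * port is an assumption of this sketch. */
const char *classify(unsigned short sport, unsigned short dport) {
    unsigned short lo = sport < dport ? sport : dport;
    unsigned short hi = sport < dport ? dport : sport;
    if (port_proto[lo]) return port_proto[lo];
    return port_proto[hi] ? port_proto[hi] : "Other";
}

int main(void) {
    add_protocol("SSH", "22|");
    add_protocol("Gnutella", "6346|6347|6348|");
    add_protocol("Audiogalaxy", "41000-41900|");
    /* Constructed flows: (source port, destination port). */
    printf("%s\n", classify(51515, 6346));
    printf("%s\n", classify(22, 41000));
    printf("%s\n", classify(40000, 50000));
    return 0;
}
```

Port-based labels are a heuristic: a flow that happens to use 6346 as its source port toward an unmonitored service is still labelled Gnutella, so the per-protocol counters are a hint about the application, not proof of it.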
____ ___
|___ \ / _ \
__) | | | |
/ __/_ | | |
=-=-=- |____(_)|___/ =-=-=-=-=-=-=-=-=-=-=-=-=
2.0 Released 27Dec2001
- Major improvements, too many to list
1.2a13 [Snapshot]
Fixed bugs:
- Fixed PPP compatibility glitch
_ _____
/ | |___ /
| | |_ \
| |_ ___) |
=-=-=- |_(_)____/ =-=-=-=-=-=-=-=-=-=-=-=-=
1.3a0 [Snapshot]
- better GNU autoconf-ified distribution
- include initial release of NtoPerl module
_ ____
/ | |___ \
| | __) |
| |_ / __/
=-=-=- |_(_)_____| =-=-=-=-=-=-=-=-=-=-=-=-=
1.2a13 [Snapshot]
Fixed bugs:
- Fixed PPP compatibility glitch
- Various fixes
(Courtesy of Andreas Pfaller)
- Fixed a mutex bug that caused the ntop HTML interface to lock
- Thpt graphs didn't show the right value (graphs were
compressed 8x)
- Fixed a bug in configure that prevented it from
recognising user specified directories
(e.g. --with-gdbm=...)
- Added a fix for address resolution
(Courtesy of Andreas Pfaller)
- Several fixes about address resolution and
(Courtesy of Ralf Amandi)
- Fixed a bug (that caused a core) in the icmpPlugin when
ntop receives fragmented ICMP packets.
- Added fix for 1) better handling fragmented packets and
2) improving fragment lookup speed.
(Courtesy of Andreas Pfaller)
- Added further Suse fixes
(Courtesy of Ralf Amandi)
- Fixed NFS plugin bug
(Courtesy of Scott Hebert)
- Fixed incompatibility with interfaces
without an IP address associated (e.g. bridge)
(Courtesy of Diana Eichert)
- ntop used to crash in interactive mode while
reading from a pcap capture file
(Courtesy of John Bates)
- Fixed an incorrect MIME type on icmpPlugin
- The 'Shutdown ntop' menu entry is now protected
by default
- Fixed MTU size check
(Courtesy of Andreas Pfaller)
- Fixed a security flaw: ntop now checks whether the
requested URL contains strings such as '..'
that may violate system security.
(Courtesy of Vanja Hrustic)
- On the left HTML frame a link to a non JavaScript
menu has been added. ntop can now be used
comfortably by non JavaScript-enabled browsers.
(Courtesy of Boja Morcos <????????????????>)
- nmap, neped and lsof are now searched in the
PATH at ntop startup and no longer by the
configure script.
- Fixed a bug in the lsof handling code.
(Courtesy of Ralf Amandi)
- Fixed several small problems in the SQL code
(Courtesy of Ralf Amandi)
- Fixed a bug in the code that compares the captured
packet size with the MTU of the capture device.
- Fixed a bug that prevented ntop from properly
handling multiple capture devices
- ntop/Linux: the libnsl -if present- is included
because it is needed on some distributions
such as RH
(Courtesy of Brian Bothwell)
- Added a few fixes to the installer/Makefile
and compatibility issues with FreeBSD
(Courtesy of Borja Marcos)
- Fixed yet another small glitch that might cause ntop
to crash under heavily loaded networks.
- Fixed a bug in the Makefile 'clean'
(Courtesy of Anthony David)
- Fixed a bug that prevented virtual interfaces
(e.g. eth0:0) from being properly handled by ntop.
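The '..' URL check listed among the fixed bugs above, sketched as an added example (not ntop's own code; safe_path_from_url() and the sample requests are hypothetical). It goes beyond a plain substring test: the path is percent-decoded once so that %2e%2e is also caught, and only whole ".." segments are refused.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: copy the path part of `url` into `path`, percent-decoded
 * exactly once, and reject it if any segment is "..". Returns 0 when the
 * decoded path may be mapped to a file, -1 when the request must be refused. */
int safe_path_from_url(const char *url, char *path, size_t pathlen) {
    size_t n = strcspn(url, "?#"), o = 0;   /* the path ends at the query or fragment */
    if (pathlen == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)url[i];
        if (c == '%') {                     /* decode first so %2e%2e is seen as ".." */
            if (i + 2 >= n) return -1;      /* truncated escape */
            int hi = hex_val((unsigned char)url[i + 1]);
            int lo = hex_val((unsigned char)url[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 || o + 1 >= pathlen) return -1;   /* embedded NUL or overflow */
        path[o++] = (char)c;
    }
    path[o] = '\0';
    if (path[0] != '/') return -1;
    for (const char *seg = path; *seg; ) {
        seg++;                                   /* skip the separator */
        size_t len = strcspn(seg, "/\\");        /* '\\' also separates on Windows */
        if (len == 2 && seg[0] == '.' && seg[1] == '.') return -1;
        seg += len;
    }
    return 0;
}

int main(void) {
    /* Constructed sample requests, not taken from ntop logs. */
    const char *reqs[] = { "/index.html", "/../x", "/a/%2E%2e/b", "/plugins/..%5cx", "/report..html?x=.." };
    char path[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-22s %s\n", reqs[i], safe_path_from_url(reqs[i], path, sizeof path) ? "refuse" : "serve");
    return 0;
}
```

The file lookup should use the decoded path the function returns, never the raw URL, so the string that was checked is the string that is opened.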
Enhancements:
- Removed '-a' flag: ntop recognises automatically
multihomed interfaces.
- Added QNX support
(Courtesy of Andreas Pfaller)
- Actual throughput is now calculated every time
statistics are displayed
- Added Packets/sec 'Traffic Stats'
(Courtesy of Ted Staberow)
- Modified HostTraffic typedef: 20% memory
saving for each hash bucket.
- Service/Port Usage table, now reports traffic for
each protocol.
- added localhost.gif icon for RH hosts with no
domain set
(Courtesy of Kashif Rashid)
- ntop now implements filter rules (-R flag).
- ntop+SSL now has a new certificate that no
longer requires a password at startup.
(Courtesy of Ralf Amandi)
- Enhanced the SuSe package
(Courtesy of Ralf Amandi)