NetworkMiner 3.1
* NjRatPacketHandler.cs: Calculates MD5 has of data inside of gziped njRAT file transfers.
* NetworkMinerForm.cs: Moved "Open/Run file" further down in the context menu to reduce risk
  of accidentally executing malicious code that has been extracted from PCAP.
* ExtractedFileDetailsForm.cs: Modified file reading logic to avoid causing Mono to hang
  in Linux when showing file details.
* HttpPacket.cs: Credentials (username and password) extracted from "Proxy-Authenticate: Basic"
  requests.
* SmtpPacketHandler.cs: Client hostname extracted from SMTP EHLO / HELO headers.
* SmtpPacketHandler.cs: Improved extraction of usernames from SMTP AUTH LOGIN
* IPv6Packet.cs: Fixed IPv6 payload parsing bug when there is trailing data in a frame
* McNmfPacket.cs: Added support for MC-NMF packets, like Service Bus and Redline Stealer.
  Decompression of MC-NBFSE is not implemented though, files are extracted as compressed.
* ListViewFilterControl.cs: * Added new keyword filter mode drop down option "Not in"
  Thanks to Lukas H for this suggestion!
* NetBiosPacket.cs: Removide trailing <00> and <20> from extracted NetBIOS '*' labels
* CotpPacketHandler.cs: Protocol switch from RDP to TLS after RDP Negotiation to parse
  TLS handshake and extract hostname from SNI and X.509 certificate.

NetworkMiner 3.0
* NetworkMinerForm.cs: Added "Copy Value" menu item to context menu in hosts tab that
  only copies the value part of a selected item instead of the whole line.
* ImageHandler.cs: Image filename string matching now ignores case.
* NetworkMinerForm.cs: Added "File details" to right-click context menu on images tab.
* HttpPacketHandler.cs: Fixed bug in extraction of JSON parameters from HTTP POST requests.
* NetworkMinerForm.cs: Fixed timestamp comparison bug, so that they can be sorted on properly.
* QuicPacket.cs: Added parsing of QUIC protocol (initial packets) to enable extraction of
  hostname from SNI and JA4 fingerprints.
* KeywordFilterControl.cs: Added tool tip (on hover) to keyword filters that shows how many
  items the filter matched.
* ListViewFilterControl.cs: Updated user interface for tab filters with bigger buttons
  and tooltip popups showing number of items the filter matched.
* NetworkMinerForm.cs: Added keyword filter to credential tab.
* ExtractedFileDetailsForm.cs: Added "Show as" drop down to show file contents as ASCII,
  Hex, Unicode or UTF-8.
* NtlmSspPacket.cs: Improved extraction of hostnames from NTLMSSP (SMB/SMB2).
* PacketHandler.cs: Added TCP MSS to Host Details. Can be used to detect hosts behind a VPN.
* NetworkMinerForm.cs: Removed Anomalies tab. Windows users can still see alerts by starting
  NetworkMiner with --filelog, while Linux can use --debug to print debug, warning and error
  messages to stderr. Use "--loglevel warning" to surpress info and debug messages.
* NetworkMinerForm.cs: Output path for extracted files and captured packets changed from
  NetworkMiner's dir to "%LocalAppData%\NetworkMiner\" in Windows and
  "~/.local/share/NetworkMiner/" in Linux.
* HttpPacketHandler.cs: Added OS fingerprinting based on User-Agent strings in HTTP and HTTP/2.
* ListViewFilterControl.cs: Added context menu in most tabs to generate filters automatically
  for items in the right-clicked row.
* ModbusTcpPacket.cs: Added support for additional Modbus/TCP protocol function codes.
* UmasPacket.cs: Added basic support for Schneider Electric's proprietary UMAS protocol to
  show UMAS commands in Parameters tab and extract UMAS Device Name to host details.
* CipPacket.cs and EtherNetIpPacket.cs: Added parsing of EtherNet/IP and CIP, primarily to
  extract device identification info, such as product vendor, product name, bulletin name,
  serial number and hostname. The parser also supports extraction of tag data from Rockwell's
  proprietary version of CIP.
* RemcosPacket.cs: Added parser for Remcos RAT traffic. Tested on versions 4.4.0 to 6.1.0.
  This parser only works when Remcos isn't using TLS or if the TLS layer has been removed
  with a TLS inspection proxy.
* NjRatPacketHandler.cs: Improved desktop screenshot extraction from njRAT / Bladabindi C2.

NetworkMiner 2.9.0
* NetworkHostList.cs: Changed IP hash from 32 bit to 64 bit to minimize risk of
  collisions for IPv6 addresses. This bug would previously lead to some IPv6 hosts
  not being discovered.
* TlsRecordPacket.cs: Added JA4 fingerprint extraction to Parameters and Host Details
  from TLS traffic.
  https://github.com/FoxIO-LLC/ja4/issues/15
* FileStreamAssembler.cs: File extensions are now also identified on files transfered
  using HTTP partial transfers (Content-Range header).
* TlsRecordPacketHandler.cs: Improved x509 Subject parser to extract more accurate results
* HttpPacketHandler.cs: Added extraction of client metadata from Microsoft's Device Metadata
  Retrieval Client (DMRC), such as installed printers, attached USB devices, OS language and
  locale, OS version to Host Details.
* TzspPacket: Added decapsulation of TZSP traffic. Thanks to Jarmo Lahtiranta for requesting
  this feature!
* BackConnectPacketHandler.cs: Ignoring color profile updates when BackConnect C2 server
  tries to set a color profile that the bot rejects. Thanks to Brad Duncan and Maxime
  Thiebaut for their valuable input on this!
* SmbPacket2.cs: Added SMB2 Server GUID to Host Details and Parameters tab, so that Impacket's
  special value "41414141-4141-4141-4141-414141414141" can be seen.
  https://twitter.com/1ZRR4H/status/1762939815715058073
* DnsPacket.cs: DNS info from Additional Resource Records are now also extracted to the
  DNS tab.
* HttpPacketHandler.cs: JSON formatted request and response bodies now get parsed and contents
  shown on Parameters tab.
* GtpPacket.cs: Added parser for GTP-U to decapsulate GTP tunneled traffic.
* RmsPacket.cs: Added parser for Remote Manipulator System (RMS) from TektonIT.
* DnsPacket.cs: Multiple DNS TXT labels within the same answer record are now treated as
  separate artifacts instead of concatenating the strings.
* TzspForm: Created a TZSP sniffer, so that packets can be sniffed remotely from a MikroTik
  router in real-time.
* NetworkMinerForm.cs: Added support for copying text from Hosts tab with Ctrl+C
* NetworkHost.cs: Added latency measurement to host info. It is also possible to sort hosts
  based on latency.
* FileStreamAssembler.cs: Added StealC extractor that saves data exfiltrated by StealC, such
  as system info and screenshots.
* RfbPacket.cs: Improved extraction of keys pressed in VNC and BackConnect for layouts like
  Kana, Arabic, Cyrillic, Greek, Hebrew, Thai and Korean in VNC and BackConnect.
* NetworkMinerForm.cs: Multiple parameter names and values can be copied to clipboard at once.
* CotpPacketHandler.cs: COTP TSAP names extracted from connection request (CR) messages.
* ModbusTcpPacket.cs: Device Identification is read from function code 43 / 14 reply messages.
* ModbusTcpPacket.cs: Modified address notation for coils, discrete inputs, input registers
  and holding registers to comply with Modicon convention notation.
* NetworkHost.cs: Added cache for identified OS lookup for faster results.
* WinPCapNative.cs: Support for Npcap even if it isn't installed in WinPcap API-compatible Mode
	  
NetworkMiner 2.8.1
* CapWapPacket.cs: Fixed bug in CapWap parser for packets with T flag set to 0.
* HttpPacketHandler.cs: Added public IP address extraction from JSON bodies.
* RfbPacket.cs: Added support for screenshot extraction from VNC traffic
* NjRatPacket.cs: Added extraction of njRAT artifacts, like screenshots and modules
* BackConnectPacket.cs: Added parser for BackConnect protocol used by IcedID etc.
  This enables decapsulation of SOCKS traffic inside BackConnect.
* NetworkMinerForm.cs: Improved Images tab to support filtering and improved performance.
  Also added support for copying image data to clipboard with Ctrl+C
* HttpPacketHandler.cs: Added extraction of files sent with HTTP PUT
* BackConnectPacket.cs: Added decryption of encrypted BackConnect traffic
* SipPacket.cs: Added support for CRLF Keep-Alive messages. This could otherwise break
  SIP parsing in version 2.8.

NetworkMiner 2.8
* NetworkHostTreeNode.cs: Nodes on the Hosts tab can now be filtered using string
  or regex matching!
* TlsRecordPacket.cs: Fixed two bugs in JA3S signature, one when Server Hello has a
  Session ID length larger than zero and another when the server lists only one
  supported TLS version using the Supported Versions extension (#43).
* IEC_104_PacketHandler.cs: Added support for file transfers over IEC-104.
  Added support for several additional IEC-104 commands.
  Better representation of IEC-104 commands on Parameters tab.
  Fixed bug when AsduInformationObjectCount is actually an element count.
* FileStreamAssembly.cs: Added ability to differentiate between .EXE and .DLL
* SocketSniffer.cs: Added exception handling of SocketException ErrorCode 10040
  (WSAEMSGSIZE)
  Thanks to Ren� Perraux for reporting the issue with VMware's Large Send Offload!
* HttpPacketHandler.cs: Added CobaltStrike and Meterpreter URI chemsum8 verifier
  to indicate possible CobaltStrike/Meterpreter URIs like "/aaa9" in Host Details.
* PacketHandler.cs: Improved meterpreter DLL extraction from TCP where final payload
  is delivered in the same TCP segment as follow-on C2 comms
* NetworkMinerForm.cs: Added code to flush all TCP sessions to Sessions tab when
  all capture files have been loaded in order to also show sessions whose L7 protocol
  is still unknown. Thanks to Matt Smith for highliting this issue.
* NetworkMinerForm.cs: More accurate error message shown when user fails to capture
  packets using raw sockets on a disconnected network interface.
  Thanks to Anand Kumar Singh for notifying about this issue!
* NetworkMinerForm.cs: All SocketAdapters now get refreshed when the interface
  drop-down list is expanded in order to show if they are currently connected or not.
* TcpPacket.cs: Allow TCP sessions to the same server to switch application layer
  protocol between HTTP 1.x and HTTP/2.
* NamedPipeReader.cs: Replaced "Read from PacketCache" with generic "Read from Named Pipe".
* NetworkMinerForm.cs: Added support for copying text from selected rows by
  pressing Ctrl+C or right-click "Copy selected rows" in Files, Messages, Credentials,
  Sessions, DNS, Parameters and Keywords tabs. A maximum of 10 rows can be copied at
  a time using the free version of NetworkMiner.
* CapwapPacket.cs: Added decapsulation support for the CAPWAP protocol.
* DnsPacket.cs: Better handling of DNS packet containing multiple query records
* SocksPacket.cs: Improved parsing of traffic inside SOCKS tunnels
* FtpPacket.cs: Improved parsing speed of FTP traffic
* MacCollection.cs: Added support for oui36.csv database to identify NIC vendors from MAC.
* PacketReceivedEventArgs.cs: Ensured captured timestamps are always in UTC.

NetworkMiner 2.7.3
* TcpPortProtocolFinder.cs: Port 3000 and 8000 configured as be parsed as HTTP
  in order to support WEBrick traffic. Feature added thanks to RangeForce and
  @mttaggart.
* NetworkHost.cs: Added lock to all code using ExtraDetailsList to avoid
  "collection modified" exceptions.
* MeterpreterPacket.cs: Meterpreter payloads from common LPORT values for
  reverse_tcp like 4444 are now extracted to disk as DLL files.
* LinuxCookedCapture2.cs: Added support for SLL2 / Linux cooked capture v2 frames.
* TlsRecordPacket.cs: Fixed bug in JA3 Signature when client supports more than one
  EC point format.
* TlsRecordPacketHandler.cs: Added botnet JA3 hashes from Abuse.ch
* TlsRecordPacketHandler.cs: Added botnet SSL x509 cert hashes from Abuse.ch
* DnsPacketHandler.cs: Extraction of DNSBL lookup info to Parameters tab and Host details
* SmtpPacketHandler.cs: Improved extraction of SMTP credentials
* TlsRecordPacket.cs: Faster parsing of TLS encrypted traffic
* HttpPacketHandler.cs: Added support for HTTP CONNECT request method to parse proxied
  traffic.
* NetworkMinerForm.cs: NetworkMiner's GUI no longer reloads between each PCAP file when
  multiple files are loaded at once.

NetworkMiner 2.7.2
* FtpPacket.cs: Added support for additional FTP commands, such as AUTH.
* EtlParser.cs: NetworkMiner now supports reading of ETL files created with
  "netsh trace start" and "pktmon start --capture"! This feature is only
  available in Windows though, since we're relying on Windows specific API calls for
  parsing ETL files.
* Erspan.cs: Added support for ERSPAN. Thanks to Markus Schewe for the feature request!
* NetworkMinerForm.cs: Parameters tab now has a context menu entry for
  "Submit value to CyberChef", which sends the parameter value to
  https://gchq.github.io/CyberChef/

NetworkMiner 2.7.1
* PacketHandler.cs: Fixed bug related to live sniffing. Thanks to Jeff Rivett for
  reporting the issue!

NetworkMiner 2.7
* WinPCapWrapper.cs: Changed int pointers to 64 bit values in order to handle WinPcap
  and npcap drivers correctly.
  Thanks to Jeff Rivett for reporting the issue!
* Smb2PacketHandler.cs: Added requested SMB2 filename info from SMB2 Create Requests
  and error messages from negative SMB2 responses to Parameters tab.
* Smb2Packet.cs: Better extraction of SMB2 file transfers by extracting End-of-File
  values from Smb2CreateResponse.
* LpdPacket.cs: Added support for Line Printer Daemon Protocol (RFC1179).
  Thanks to Hayo Brouwer (of Ricoh) for helping out with capture files!
* NetworkTcpSession.cs: Modified TCP Keepalive handling to support protocols
  that transmit 1 byte TCP payloads containing a 0x00 byte (like LPD).
* TcpPacket.cs: Changed GetSubPackets function to allow application layer packets
  with only one byte of L7 data to be returned.
* SatoriTcpOsFingerprinter.cs: Improved performance by indexing fingerprints based
  on TCP flags.
* HttpPacketHandler.cs: Generic extraction of files sent with HTTP POST, including
  WAP.MMS messages. More files are now extracted from HTTP POST uploads.
* DnsPacket.cs: Added extraction of TXT records to DNS tab
* DnsPacket.cs: Added extraction of SRV records to DNS tab
* NetworkMinerForm.cs: Double-clicking on a file now opens up the file details window
* ExtractedFileDetailsForm.cs: Added hex viewer to file details window
* FileStreamAssembler.cs: The file extension is now identified based on the contents
  of the file's header (fewer "octet-stream" files, more ".exe" and ".zip" etc.)
* NetworkMinerForm.cs: Added warning message when trying to open/run an executable
  file with right-click -> "Open file"
* TlsRecordPacket.cs: Extraction of JA3S hashes from TLS Server Hello packets to
  Parameters tab and Host Details
* PcapParser.cs: Added support for nanosecond PCAP files


NetworkMiner 2.6

* KerberosPacketHandler.cs: Better extraction of Salt from Kerberos ERROR packets.
* NtlmSspPacketHandler.cs: Added John-the-Ripper formated extraction of LanMan, NTLMv1
  and NTLMv2 challenge/response hashes
  LanMan example: $LM$A9C604D244C4E99D
  NTLMv1 example: $NETNTLM$1122334455667788$B2B2220790F40C88BCFF347C652F67A7C4A70D3BEBD70233
  NTLMv2 example: $NETNTLMv2$NTLMV2TESTWORKGROUP$1122334455667788$07659A550D5E9D02996DFD95C87EC1D5$0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000
   - LM (hashcat "-m 3000")
   - NETNTLM (hashcat "-m 5500")
   - NETNTLMv2 (hashcat "-m 5600")
* HttpPakcetHandler.cs: Improved extraction of json data sent in HTTP(2) POST requests.
  Now with support for Content-Encoding: gzip
* Ethernet2Packet.cs: added support for Transparent Ethernet decapsulation for GRE tunnels
* PcapParser.cs: Added support for Fritzbox captures (PCAP_MODIFIED_MAGIC = 0xa1b2cd34).
  Thanks to Jan Hesse for the feature request:
  https://twitter.com/clientjs/status/1255112064210743296
* MultiPart.cs: Improved parsing of quotes in email headers.
  Thanks to Mandy van Oosterhout for reporting the bug!
* ImapPacketHandler.cs: Ignoring FETCH results for partial emails (from BODY.PEEK) except
  when email headers are sent.
* MessageEventArgs.cs: Increased max Subject length from 50 to 100 characters
* FtpPacket.cs: Support for Extended Passive Mode (EPSV) in FTP
* SystemHelper.cs: Added workaround for bug introduced with Mono 6 that would otherwise
  prevent opening files, folders and websites in external tools under Linux/OSX.
  https://github.com/mono/mono/issues/17204
  https://github.com/dotnet/runtime/issues/28005
  https://github.com/dotnet/runtime/issues/23877
* PacketHandler.cs: ExtractMultipartFormData() was modified to save MIME multipart chunks
  to disk when the data is truncated in Parameters tab due to being too large (>250 bytes).
* HttpPacketHandler.cs: The hostname is extracted from the HTTP header "Onion-Location"
  to show onion domains of hosts in the Hosts tab.
* NetworkMinerForm.cs: The Messages tab filter now also performs keyword matching against
  attachment filenames.
* SipPacketHandler.cs: SIP chat messages [RFC3428] are extracted to the "Messages" tab.
  Audio extraction of VoIP calls is still a feature that is exclusively available only
  in NetworkMiner Professional though.
* HttpPacketHandler.cs and Http2PacketHandler.cs: The HTTP header "Accept-Language" and
  HTTP/2 header "accept-language" are extracted to the "Hosts" tab, under "Host Details".
  This supports forensic analysis of user language settings, as shown by Fox-IT here:
  https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
* HttpPacketHandler.cs: Improved extraction of Certificate Revocation List (CRL) files.
* NetworkMinerForm.cs: Messages tab now uses the local environment's default newline
  characters to improve readability of reassembled emails.
* ByteConverter.cs: Newline characters are now preserved when reading Quoted Printable
  encoded text with non-escaped newline characters.
* MultipartPart.cs: Added RFC 822 "unfolding" to support multi-line header fields in
  emails, HTTP POSTs and other protocols using MIME encoded data.

NetworkMiner 2.5

* NetworkCredential.cs: Improved extraction of username/password credentials from
  HTTP POST requests.
* Added regex filtering to keyword search function in most tabs as a more powerful
  alternative to plain string matching.
* Upgraded from .NET 4.6.1 to .NET 4.7.2
  Requires Mono 5.4 (or later) in order to run in Linux or MacOS.
  You will otherwise get a System.TypeLoadException
* Parsing of AAAA DNS records (IPv6 addresses)
* Parsing of HTTP/2 when SSL/TLS isn't used (use PolarProxy to generate unencrypted HTTP/2)
* Parsing of DNS-over-HTTPS (DoH) when SSL/TLS isn't used
* DnsPacketHandler.cs: Support for DNS packets over TCP
* Improved NetBIOS Name Service (nbns) parsing. Details are extracted to the
  "Parameters" tab. Thanks to @CRaiterCBus for the idea:
  https://twitter.com/CRaiterCBus/status/1143963147491037186
* Name-value parameters from JSON formatted HTTP POST requests
  (Content-Type: application/json) are extracted to the "Parameters" tab and potential
  credentials are shown on the "Credentials" tab.
* TlsRecordPacket.cs: Added JA3 support. Client JAR3 hashes are shown in the
  parameters tab an in Hosts Details.
* SmbPacket.cs: Improved parsing of non-unicode "Native OS" strings from
  SetupAndXResponse messages.
* KerberosPacketHandler.cs: Extraction of Kerberos hashes from network traffic.
  The hashes are shown on the "Credentials" tab in John/hashcat format. John-the-ripper
  users must use the "jumbo" version to avoid getting this error message:
  "No password hashes loaded (see FAQ)"
  Supported Kerberos message types include:
   - krb5pa (hashcat "-m 7500")
   - krb5tgs (hashcat "-m 13100")
   - krb5asrep (hashcat "-m 18200")
* KeywordFilterControl.cs: Email body and header search is restored again after
  having been broken in version 2.4.
* CifsBrowserPacket.cs: Added parser for CIFS Browser Protocol (aka MS-BRWS)
  in order to extract hostnames, windows versions and uptime. Thanks to @dan_gunter
  for the idea!
* Email.cs: Fixed bug/crash due to invalid filename being specified in Content-Type
  MIME header. Thanks to @chrissistrunk for reporting the issue!
* TcpPortProtocolFinder.cs: Added support for changes in application layer protocol
  within a TCP session. This enables STARTTLS commands in FTP, IMAP and SMTP to activate
  the SSL/TLS parser.
* ImapPacketHandler.cs: Improved extraction of emails from "FETCH" commands for
  multiple emails and email header downloads with "UID FLAGS BODY[HEADER]".
* MessageEventArgs.cs: Added size column to "Messages" tab

NetworkMiner 2.4

	* Smb2PacketHandler.cs: Mixed up Source and Destination hosts for SMB reads and
	writes are corrected.

	* MacAges.cs: Added support to lookup the age of a MAC address thanks to HD Moore!
	https://twitter.com/hdmoore/status/1046563911972130819

	* NetBiosSessionService.cs: Added detection for EternalBlue exploit attempts where
	srvnet.sys is triggered to allocate a "large" nonpaged pool.
	Example PCAP files can be found here:
	https://www.malware-traffic-analysis.net/2018/10/04/index.html
	https://www.malware-traffic-analysis.net/2018/08/17/index.html
	https://packettotal.com/app/analysis?id=c8850b1fe07572c82c6fac5db5aae0c9&name=community_tags
	https://packettotal.com/app/analysis?id=8d2fdb7698c27e32e88bde809c89216f

	* SatoriTcpOsFingerprinter.cs: Added OS fingerprint signatures for Industrial control
	System (ICS) devices, like Siemens S7, ABB 800xA and Moxa. Some ICS vendors even got
	a logo as icon in the Hosts tab, others got a yellow hard hat.

	* KerberosPacket.cs: Implemented support for Kerberos v5 in order to extract usernames,
	hostnames and realms (domains) from unencrypted Kerberos requests/responses on port 88
	as well as inside HTTP auth headers and SMB security blobs.

	* TcpPortProtocolFinder.cs: Added TCP 11371 as a port for HTTP in order to extract
	GPG keys sent over the HKP protocol. Thanks to Jonas Lejon for the idea.

	* DnsRecordEventArgs.cs: Added support for parsing DNS queries/responses sent over IPv6

	* Email.cs: Added support for "Format=Flowed" attributes in emails (RFC 2646) and
	better handling of non-standard line feeds to make plaintext emails more readable.

	* MultipartPart.cs and Email.cs: Unicode MIME data is converted to ASCII, when running
	NetworkMiner using Mono (typically in Linux), in order to avoid a crash caused by
	Mono's GDIPlus implementation. Thanks to Phil Hagen for notifying us about the crash.

	* NetworkMinerForm.cs: Improved Drag-and-Drop operations to work more reliably
	also in Linux, when running NeworkMiner with Mono. Previous versions would throw
	a NullReferenceException in System.Windows.Forms.X11Dnd+TextConverter.SetData.

	* NetworkMinerForm.cs: Added links between hosts with the same MAC address in the
	network host tree view. This feature is useful to link a host's IPv6 and IPv4 IPs
	with eachother. Expand the MAC address node to see the links. Thanks to Chris Sistrunk
	for the initial idea!

NetworkMiner 2.3.2

	* Email.cs: Emails without a body (but maybe an attachment) are now also extracted
	to the Messages tab.

	* NetworkMinerForm.cs: More debug output written when starting NetworkMiner with the
	--debug, --eventlog or --filelog argument.

NetworkMiner 2.3.1

	* NetworkTcpSession.cs: Fixed ToString() NullReferenceException bug when expanding
	Incoming or Outgoing sessions in the Hosts tab. Thanks to tokyoneon for reporting
	this bug!

	* TlsRecordPacketHandler.cs: Added support for reading handshakes (typically X.509
	certificates) that are fragmented into multiple TLS records. Thanks to Peter Wu
	for reporting this bug!

	* NetworkMinerForm.cs: Setting a text size larger than 100% in Windows 7 previously
	yielded a bad layout of the GUI. This bug has been resolved in this version. Thanks
	to Chris Sistrunk for reporting it!

NetworkMiner 2.3

	* NetworkMinerForm.cs: Added detected keywords count to the Keywords tab. Thanks
	to Mats Karlsson for the feature suggestion!

	* NetworkMinerForm.cS: NetworkMiner now prevents reloading of files in the current
	case while it is busy parsing a PCAP file. Thanks to Mats Karlsson for the feature
	suggestion!

	* NetworkMinerForm.cs: The keyword list has been resized to always fit the window
	and the [Del] key can be used to remove marked keywords. Thanks to Michael Nilsson
	for reporting this bug and suggesting the new feature.

	* NetworkMinerForm.cs: Added drag-and-drop ability to case files section, so that
	a PCAP file opened with NetworkMiner can be opened with another application	or
	copied to a folder simply by dragging and dropping from the case panel.

	* FileSegmentAssembler.cs: Added ability to reassemble files when all data has been
	received, but the file handle isn't being closed. This applies in particular to SMB
	and SMB2 read and writes, such as these ones:
	https://401trg.pw/an-introduction-to-smb-for-network-security-analysts/

	* TlsPacketHandler.cs: Supported SSL/TLS versions and ALPN's are now extracted from
	the SSL handshake records and presented on the Parameters tab.

	* TlsRecordPacket.cs: Fixed bug regarding Session ID's in Client Hello messages.
	Thanks to Ahmad Nawawi for discovering this bug!

	* HttpPacket.cs: Added support for multiple Set-Cookie headers in HTTP a response.

	* SmtpPacketHandler.cs: Improved extraction of emails to Messages tab.

	* IEC_60870_5_104Packet.cs: Fixed year parsing bug in IEC-104 protocol. Years that
	can be represented now ranges from 2000 to 2099. Wireshark uses 1970 to 2069.
	Thanks to Sigurd Mytting for finding and reporting this bug!

	* ByteConverter.cs: Strings are no longer automatically terminated on null bytes
	unless they are explicitly defined as null terminated strings.

	* ModbusTcpPacket.cs: Added parser for Diagnostic option codes.

	* SipPacket.cs: Added extraction of call details (From, To and Call-ID) to the
	Parameters tab. The Pro version of NetworkMiner additionally extracts the audio.

	* SnmpPacket.cs: SNMP packets are parsed in order to extract the community string
	from SNMPv1 and SNMPv2c packets. The community strings are show on the Parameters
	and Credentials tabs. Thanks to Chris Sistrunk for suggesting this feature!

	* IPv4Packet: IPv4 packets with broken IP headers are now ignored by NetworkMiner.
	Thanks to Doug Green for discovering and reporting this bug!

	* GuiProperties.cs: Default timezone is now set to UTC rather than the local zone.

NetworkMiner 2.2

	* Upgraded to .NET framework 4.0! Requires the newer .NET framework in Windows
	  or Mono runtime 4.* in Linux/macOS.

	* GuiProperties.cs: All timestamps are shown in the "yyyy-MM-dd HH:mm:ss" format
	with time zone explicitly stated.

	* NetworkMinerForm.cs: Added Pokemon Exception Handling to all DoDragDrop calls.

	* NetworkMinerForm.cs: Fixed the count in the credential tab when checkboxes like
	  "Mask password" are used. Thanks to Sebastian Gebhard for reporting thus bug at
	  Troopers '17.

	* NetworkMinerForm.cs: Removed Invoke calls to GUI thread in order to speed up
	  parsing when there are many GUI updates.

	* NetworkMinerForm.cs: Changed to using AddRange when updating GUI to display more
	items faster, especially in Linux.

	* SatoriTcpOsFingerprinter.cs: Improved TCP handshake OS fingerprint speed.

	* OpenFlowPacket.cs: Fixed alignment for frames encapsulated in OpenFlow 1.2/1.3
	PacketIn commands. Thanks to Jeff Carrell for providing a pcapng file that could be
	used to debug this issue.

	* SmbPacket.cs: Improved parsing of chained SimpleAndProtectedGssapiNegotiation
	(SPNEGO) tokens in SMB1 and SMB2, such as NTLM SSP usernames.

	* NtlmSspPacketHandler.cs: Domain name is now displayed in Credetials tab for SMB
	authentication attempts.

	* Logger.cs: Added optional debug logging with command line arguments:
		  --debug		Logs to standard out
		  --eventlog	Logs to Application EventLog
		  --filelog		Logs to text file in IsolatedStorage
	
	* TftpPacket.cs: Added frame length check to ReadNullTerminatedString.
	Thanks to Clint Page for reporting this bug and suggesting a fix!

	* KeywordFilterControl.cs: The search function in Messages tab now searches all
	email header fields as well as the email body for the keyword provided in the filter
	field. Thanks to Marc Lindke for suggesting this feature at Troopers '17!
	
	* KeywordFilterControl.cs: Drop-down list added so user can select a specific column
	to match on unless all columns should be searched (default).

	* ReceivePcapOverTcpForm.cs: Added functionality to receive PCAP-over-IP by connecting
	to a remote netcat listener. Thanks to Niclas Hirschfeld for suggsting this feature
	at Troopers '17!

	* UpdateCheck.cs: Added update check to see if there is a new version of NetworkMiner
	available for download. The update check can be disabled by adding a --noupdatecheck
	switch to the command line when starting NetworkMiner.

NetworkMiner 2.1.2

	* PacketHandler.cs: Made OnCredentialDetected private to ensure that all credential
	detected calls are made to the AddCredential so that they can be filtered in the GUI.

	* FileStreamAssembler.cs: Partial downloads are saved in case they are downloaded
	using a range request, so that multiple individual parts can be put back together
	later on.

	* ExtractedFileDetailsForm.cs: Adjusted column width in file details window.

NetworkMiner 2.1.1	2017-01-19
	* networkminericon.ico: Higher resolution icon (256x256).

    * HttpPacket.cs: Added UTF-8 decoding of filenames in Content-Disposition header in
	accordance with RFC 6266 and RFC 5987.

	* HttpPacket.cs: Added support for multiple whitespace characters separating HTTP
	header names from values.

	* FileStreamAssemblerList.cs: Added queueing of HTTP 1.1 requests when there are
	multiple requests sent before a reply is received.

	* PacketHandler.cs: Support for assembling of HTTP GET file streams not ending at
	a TCP packet boundary.

	* NetworkMinerForm.cs: Changed order of columns in Files tab.


NetworkMiner 2.1	2017-01-02
	* Smb2Packet.cs: Added support for SMB2 Find searches with "NameInfo" format.
	Thanks to Dietrich Hasselhorn for finding this bug.

	* FileStreamAssembler.cs: Added fix to avoid long filenames (Windows only supports
	paths up to 248 characters) when the filename is derived from the Content-Disposition
	header sent by the web server. Thanks for Christian Reusch and Jasper Bongertz for
	finding and reporting this bug!

	* PacketHandler.cs: Extracted files are now timestomped so that the last write
	time of the file will be the timestamp in the PCAP when it was transfered. Thanks to
	Dietrich Hasselhorn for recommending this feature.

	* NetworkMinerForm.cs: No longer crashes if a non-existing PCAP file is provided as
	a command line argument.

	* PacketHandler.cs: Pop-up window is shown with warning if user does not have write
	permissions to the AssembledFiles directory (common problem if NetworkMiner is placed
	in the "C:\Program Files" directory).

	* NetworkMinerForm.cs: Support for reading packets from a local PacketCache service.
	For more information about PacketCache, please visit http://packetcache.com

	* NetworkMinerForm.cs: Files and images are no longer moved as a result of a drag-
	and-drop operation. Default action is always to copy the file to the target location.

	* NetworkMinerForm.cs: Images can be opened through double-clicking and the zoom
	level of images in the Images tab can be changed.

	* NetworkMinerForm.cs: Images can now be opened in their default viewer by double-
	clicking them.

	* VxlanPacket.cs: Added support for VXLAN decapsulation.

	* OpenFlowPacket.cs : Added support for OpenFlow decapsulation.

	* NetworkMinerForm.cs: HostDetails in Hosts tab now shows VLAN ID.

	* IcmpPacket.cs: Added simple ICMP parser

	* PartialFileAssembler.cs: Added support for HTTP "206 Partial Content" a.k.a
	"Range Requests" or "Byte Serving", so that partial downloads can be reassebled.

	* FileDetailsForm.cs: MD5 / SHA1 / SHA256 hashes can be calculated via the context
	menu in the "Files" tab (right-click an extracted file to get the menu).

	* SmbPacket.cs: A remake of the SMB handling in order to parse pipelined/chained
	AndX requests/responses. Thanks to Eddi Blenkers for highlighting their existance!

	* TlsRecordPacket.cs: Extraction of TLS host name extension, formally known as
	Server Name Indication (SNI) in RFC 6066.

	* TlsRecordPacketHandler.cs: Details from X.509 certificates are extracted to the
	Parameters tab, including certificate subject, issuer, hash and validity period.

	* SocksPacket.cs: Support for decapsulation of the SOCKS protocol. Can even be used
	to analyze Tor SOCKS proxy traffic to/from localhost TCP 9150.

	* Pop3Packet.cs: Added extraction of emails and attachments from unencrypted POP3
	traffic.

	* SmtpPacket.cs: Improved SMTP email extraction engine. Also added support for
	extraction of X.509 certificate when STARTTLS is used.

	* ImapPacket.cs: Implemented IMAP parser to extract credentials, emails and
	attachments from IMAP traffic. Also support for X.509 certificate extraction
	when STARTTLS is used.

	* FtpPacketHandler.cs: Support for X.509 certificate extraction when doing AUTH TLS,
	i.e. Explicit TLS or Explicit SSL.

NetworkMiner 2.0	2016-02-09
	* HttpPacketHandler.cs: The ".octet-stream" or "x-msdos-program" extensions are no
	longer appended to ".exe" files downloaded over HTTP (warning for those doing live
	malware analysis on Windows machines).

	* NetworkMinerForm.cs: GUI flickering is heavily reduced when loading PCAP files
	or doing live sniffing. This also improves the performance slightly.

	* NetworkMinerForm.cs: SMTP attachments are now showed in the Messages tab.

	* NetworkTcpSession.cs: Improved ability to handle truncated TCP sessions where
	the initial part is missing and there are TCP Keep-Alive packets. Thanks to
	Shchemelev Dmitry for reporting this bug.

	* SmtpPacketHandler.cs: Added support for extracting multiple SMTP sessions from
	a single TCP session. This feature is important in order to extract emails sent
	through a SPAM-run. Thanks to Andrew Brant (@threatresearch) for reporting this
	bug.

	* SmtpPacketHandler.cs: Improved extraction of SMTP user names sent directly with
	AUTH command like: "AUTH LOGIN aGVqaG9wcEBpbnRlcm5ldC5zZQ==".

	* SmtpPacketHandler.cs: All emails are extracted in raw format (with SMTP headers
	intact) to an .eml file.

	* NetworkMinerForm.cs: Removed tabControl1_MouseDown handler to avoid unwanted
	drag-and-drop operations.

	* IEC-104_PacketHandler.cs: Added ASDU Type ID 36 to IEC 60870-5-104 handler.

	* NetworkMinerAboutBox.cs: Added EULA text to about box.

	* PacketHandler.cs: Added OS fingerprinting of Android

	* PacketHandler.cs: Separated "Apple iOS" fingerprints from "Mac OS"

	* FtpPacket.cs: Added "OPTS" as a supported FTP command and proper parsing of
	multi-line replies.

	* NetworkMinerForm.cs: Added all-words.txt as default wordlist for Cleartext
	tab.

	* NetworkMinerForm.cs: Added extraction of favicon images from HTTP.

	* NetworkMinerForm.cs: Added alternative encodings for displaying messages in
	NetworkMiner's "Messages" tab.

	* KeywordFilterControl.cs: Added "Keyword filter" to the following tabs:
	 - Files
	 - Parameters
	 - DNS
	 - Messages
	 - Sessions
	The keyword filter allows rows to be filtered based on a keyword. The entered
	keyword is matched against all text in all columns of the tab. This new feature
	has been requested by many users in the past, so it's great to finally have it
	implemented!

	* HttpPacketHandler.cs: Previously assembled data sent in an HTTP session is
	now flushed out to disk when a new file assembler is created for Multipart MIME
	HTTP POSTs. Thanks to Shchemelev Dmitry for finding this bug.

	* PacketParser.Mime.UnbufferedReader.cs: Default encoding is now assumed to be
	UTF8 when parsing binary data as strings. This is useful for example when
	files sent with HTTP POST have unicode file names and the browser encodes the
	filename parameter value with UTF8.
	Thanks to @xredumb for finding and reporting this bug!

	* NetworkTcpSession.cs: Increased allowed level of "out-of-order" for packets.
	Every uni-directional stream now allows packets to be 256 frames "late"
	within a TcpDataStream.

	* ModbusTcpPakcet.cs: Added support for Modbus/TCP protocol, as requested by
	attendees at the 4SICS 2014 conference (4sics.se).

	* FileStreamAssembler.cs: Changed path of reassembled files from:
	"AssembledFiles/HTTP - TCP 80/<directory>/<filename>"
	into:
	"AssembledFiles/TCP-80/<directory>/<filename>"

	* HttpPacketHandler.cs: Added HTTP request methods and URI's to Parameters tab
	as well ass HTTP response status codes and headers

	* NetBiosSessionService.cs: Defaulting to RAW transport type for NetBIOS when
	source or destination port is 445. Allows for larger NetBIOS messages.

	* Smb2Packet.cs: Added parser for SMB2 protocol.

	* FtpPacketHandler.cs: Uploaded files are now reassembled under the FTP server
	host's folder.

	* DnsPacket.cs: Bug in parsing of DNS answer records when the record contains
	the queried domain name instead of am relative offset to the query-record.
	Thanks to Ulf Skoglund of FM CERT fame for reporting this bug!

	* NetBiosSessionService: Even more command types are now supported, thanks
	to feedback from Eric Kollmann.


NetworkMiner 1.6.1	2014-06-24
	* ReceivePcapOverTcpForm.cs: Removed call to Application.DoEvents() to make
	PCAP-over-IP feature more reliable.

	* NetworkMinerForm.cs: Removed calls to Application.DoEvents().

NetworkMiner 1.6	2014-06-16

	* DnsPacket.cs: Added error handling of recursive DNS Name Labels that
	contains a forever-loop pointer. Thanks to Dan Eriksson (of FM CERT fame)
	for notifying us about this bug!

	* NetworkMinerForm.cs: Removed sniffing capability from GUI when running
	NetworkMiner under Mono (in Linux for example). Users should instead use the
	PCAP-over-IP feature to perform live sniffing in Linux, OSX etc.

	* NetworkMienrForm.cs: Files and images can now be drag-and-dropped to any
	desired application or location directly from the "Files" and "Images" tabs
	in the GUI.

	* SmtpPacketHandler.cs: Improved extraction of SMTP e-mails and attachments

	* Rfc2047Parser.cs: Added simple parser for RFC 2047 encoding in order to
	properly parse strings in SMTP headers, such as subject lines and attachment
	filenames.

	* PcapFileWriter.cs: Increased file buffer size to 8MB for improved performance

	* PacketHandler.cs: Increase packet queue size to 16000 packets for live
	sniffing

	* NetworkHost.cs: Fixed OS fingerprinting mixup where Apple iOS was
	confused with Cisco IOS.

	* DnsPacket.cs: Added DNS response error messages like NXDOMAIN and
	SERVFAIL to DNS tab. Thanks to Lenny Hansson for the idea!

	* PcapOverIP: Moved PCAP-over-IP implementation from the Professional
	edition of NetworkMiner into the Free Open Source version.

	* PcapStreamReader.cs: Improved performance of backgroundStreamReader by
	making sleep durations adaptive. This has significant impact on computers
	and VM's with limited CPU resources.

NetworkMiner 1.5	2013-09-10	Erik Hjelmvik

	* ErfFrame.cs: Added support to parse pcap files containing Extensible
	Record Format (ERF) frames.

	* PointToPointOverEthernetPacket.cs: Added PPPoE protocol parser.

	* PointToPointPacket.cs: Improved PPP parser to support non-HDLC type PPP
	packets. Example: "AOLTraffic_00000_20071029163901.pcap" from pcapr.net

	* NetworkMinerForm.cs: Added feature to load keywords from text file.
	
	* FileStreamAssembler.cs: Fixed directory traversal vulnerability. Thanks
	to Alyssa Milburn for discovering and notifying us regarding this vulnerability!

	* FileStreamAssembler.cs: Improved exception handling, especially for SMTP
	Thanks to Jonas Lejon for supplying captured packets that triggered the
	exception!

	* NetworkWrapper.Utils.Security.cs: Added detection of DLL Injection.
	Thanks to Ucha Gobejishvili for reporting this vulnerability!

	* NetworkMinerForm.cs: Fixed NullReferenceException when masking credentials
	with null values. Thanks to Claus Valca for finding this bug.

	* UdpPortProtocolFinder.cs: Added parsing of LLMNR DNS queries over UDP 5355

NetworkMiner 1.4.1	2012-08-29	Erik Hjelmvik
	
	* PacketHandler.cs: Now allowing large "virtual" frames for reassembled
	TCP streams.

	* IEC-104_PacketHandler.cs: Fixed confusion about what TCP endpoint a command
	is sent from when server and client have the same IP.

NetworkMiner 1.4	2012-08-12	Erik Hjelmvik

	* DhcpPacketHandler.cs: DHCP option data is now extracted to the parameters
	tab. Thanks to Paul Cockayne for the idea.

	* IPv4Packet.cs: Fragmented IPv4 packets are now properly reassembled to
	full IP packets with payload.

	* IEC_60870-5-104Packet.cs: Implemented the SCADA protocol IEC 60870-5-104.
	Thanks to Aivar Liimets from Martem for his great support on this one!

	* PacketHandler.cs: Added proper timestamps to detected anomaly events and
	improved ARP poisoning reporting to anomalies tab.

	* NetworkMinerForm.cs: Verification of file extention is completely removed.
	Files with any extention can now be loaded, as long as they are valid
	libpcap files.

	* NetworkMinerForm.cs: Added "Clear GUI" button to Tools menu.

	* NetworkMinerForm.cs: Added option to show/hide cookies, NTLM challenge-
	responses as well as the ability to mask passwords in credentials tab.
	
NetworkMiner 1.3	2012-04-12	Erik Hjelmvik

	* NullLoopbackPacket.cs: Added support for the Null / Loopback link layer
	packets used when sniffing localhost on BSD operating systems.

	* NetworkTcpSession.cs: Modified getter for FinPacketReceived to solve the
	bug found by TCB13.

	* HttpPacket.cs: Added extraction of usernames from Digest Authorization
	such as those found in web_recon.pcap in:
	http://uscc.cyberquests.org/february2012.php

	* HttpPacketHandler.cs: Added HTTP headers to Parameters tab.

	* HttpPacketHandler.cs: Added HTTP X headers, such as x-up-calling-line-id
	and HTTP_X_UP_CALLING_LINE_ID, to host details under ExtraDetails.

	* NetworkMinerForm.cs: Added support to load .raw files as pcap files, such
	as those generated from Sguil. Thanks to Doug Burks for the idea!

	* NetworkMinerForm.cs: Disabled nag-dialogue-box about WinPcap not being
	installed on startup since NetworkMiner is primarily designed to be a pcap
	parser rather than a sniffer.

	* StringManglerUtil.cs: Added support to handle null strings in
	GetExtension function.

	* MultiPart.cs: Added exception handler to ReadHeaderAttributes function
	to avoid exceptions from negative length Substring calls.

	* NetworkMinerForm.cs: Added the option of selecting a different cleartext
	database file in the "Cleartext" tab. This feature can be used in order to
	for example look for text in a specific language.
	
	* IPv4Packet.cs: Error handling of IP packets with fragment offset > 0.
	Thanks to Aivar Liimets for finding this bug.

NetworkMiner 1.2	2011-11-19	Erik Hjelmvik

	* Updated directory separators to be platform independent. This means that
	NetworkMiner can now be run on Linux, Mac etc. with Mono:
	http://www.mono-project.com/
	
	* PcapStreamReader.cs: Updated exception handling to cope more nicely with
	end-of-stream issues, such as PCAP files cut in the middle of a frame.
	Thanks to James Lay for identifying this bug.

	* SmtpPacketHandler.cs: Added exception handler to fileData.AddRange() call

	* PartBuilder.cs: Added support for extracting data from non-multipart data

	* HttpPacketHandler.cs: Added support for extracting emails from AOL webmail
	as in here: http://forensicscontest.com/2011/10/11/puzzle-10-the-l33t-pill

	* GrePacket.cs: Added GRE protocol implementation.

	* PacketHandler.cs: Added code to extract messages from unencrypted
	SquirrelMail webmail, comments on Wordpress and comments on Blogspot.

	* NetworkCredential.cs: Unencrypted login credentials to SquirrelMail
	webmail are now extracted to the credentials tab.

	* HttpPacketHandler.cs: Updated "Details" column in "Files" tab to display
	[http.host][http.request.uri] insted of just [http.request.uri].

NetworkMiner 1.1	2011-09-15	Erik Hjelmvik

	* NetworkMinerForm.cs: Fixed so that one or multiple pcap files can be
	loaded on startup by drag-n-droping them onto NetworkMiner.exe. Same thing
	goes for when providing pcap files as command line arguments.

	* PacketHandler.cs:
		- Fixed concurrency issues by locking the correct queue object. Thanks to
		  psteier for being first to find and solve this bug!
		- Added new PacketHandler for NetBiosSessionService

	* PointToPointPacket.cs: Added support for PPP frames in pcap files, such
	as this one: http://www.pcapr.net/view/tyson.key/2009/8/2/13/Social_Networks_and_RSS_00005_20090929212859.html

	* SmbCommandPacketHander.cs: Added FileID to assembler's ExtendedFileId in
	order to support multiple simultaneous SMB file transfers over the same TCP
	session. Thanks to I S for reporting this bug!

	* NetBiosSessionService.cs: Implemented interface ISessionPacket and added
	support for the NetBios Session Service session keep-alive message

	* WinPCapNative.cs: Changed CallingConvention to Cdecl

	* PcapFileReader.cs: Added a more generic base class "PcapStreamReader" that
	PcapFileReader extends to parse a FileStream rather than an IO-stream.

	* HttpPacketHandler.cs: Added support to extract data submitted to Google
	Analytics into "Host Details". This includes attributes like:
	 - Screen resolution
	 - Color depth
	 - Browser language
	 - Flash version


NetworkMiner 1.0	2011-02-05	Erik Hjelmvik

	* FileStreamAssembler.cs: Implemented support to avoid reserved file and folder
	names such as COM2, LPT1 and CON for files extracted to disk.

	* SmtpPacket.cs: Extended the protocol parser to handle multiple requests and
	responses in a single SMTP packet.
	
	* TlsRecordPacketHandler.cs: Improved parsing of SSL/TLS traffic to use the
	underlying TCP stream properly in order to handle TLS record breakes on
	non-even TCP packet boundaries.

	* TcpPortProtocolFinder.cs: Added more default TCP service ports: 8021=FTP,
	5223+8170+8443+9001+9030=SSL

	* Converted Visual Studio project to Visual C# 2010 format, .NET framework
	is still let back in 2.0 so that NetworkMiner will be able to run on as
	many machines as possible.

	* Improved TCP reassembly to support out-of-order TCP segments that are
	paritally overlapping.

	* NetworkTcpSession.cs: Modiefied FinPacketReceived to require a FIN in each
	direction in order for the session to be closed.
	
	* FtpPacketHandler.cs: File sizes are extracted from the FTP control session
	and stored to the file stream assembler object for better file size precision.

	* PacketFactory.cs: Added support for Per-Packet Information header
	(WTAP_ENCAP_PPI) as used by Kismet and sometimes Wireshark WiFi sniffing.

	* PacketHandler.cs: Added extraction of Facebook as well as Twitter messages
	into the message tab. Added support to extract emails sent with Microsoft
	Hotmail (I.e. Windows Live) into Messages tab.

	* NetworkCredential.cs:
		- Added extraction of twitter passwords from when settings are changed.
		Facebook user account names are also extracted (but not Facebook
		passwords).
		- Added extraction of gmailchat parameter from cookies in order to
		identify users through their Google account logins.

	* MacCollection.cs: Fixed bug with incorrect NIC vendor extraction. Also
	added support for the original IEEE OUI file format as used in:
	http://standards.ieee.org/regauth/oui/oui.txt

	* SyslogPacket.cs: Added protocol parser for Syslog. Syslog messages are
	displayed on the Parameter tab.

NetworkMiner 0.92	2010-05-27	Erik Hjelmvik

	* ChangeLog: Added this ChangeLog file to the project. I also added some info
	about the previous two releases.
	
	* NetworkMinerForm.cs: Added Extension column to files list
	
	* NetworkCredential.cs: Added support to extract login credentials from the
	AfterLogic AJAX based webmail service.
	
	* NetworkTcpSession.cs: Improved server detection when the TCP 3-way
	handshake is missing in a TCP session by looking at TCP port numbers for known
	protocols.


NetworkMiner 0.91	2009-11-22	Erik Hjelmvik

	* SmtpPacketHandler.cs: Fixed bug where full TCP content length was returned
	instead of 0 when other protocols than SMTP were parsed. This caused
	NetworkMiner to fail when reassembling layer 7 protocol headers that were
	segmented in multiple TCP packets.

	* PacketHandler.cs: Added ability to extract messages from web-based e-mail
	and chat services, such as Gmail, Gmail chat, Yahoo e-mail, MS Exchange webmail


NetworkMiner 0.90	2009-11-09	Erik Hjelmvik

	* SmtpPacket.cs: Added SMTP parser. The main reason was to compete in the
	Network Forensics Puzzle Contest at http://forensicscontest.com/
	
	* NetworkMinerForm.cs: Added the "Messages" tab in the GUI. Emails and chat
	messages are displayed on this tab.