Releases: padigeltejas/snf-core

snf-core v1.0.3

25 Apr 04:53

Bug fixes and output quality improvements across stealth, replay, and console output.

Fixes

  • Stealth mode now produces complete silence — all startup prints, hardware probe output, and config warnings correctly suppressed
  • Live Report no longer fires during --replay and --determinism-check runs
  • Duplicate fingerprint count prints removed from startup output
  • Garbled binary bytes in DNS tunnel domain display now sanitized
  • Em-dash encoding corruption in --help text fixed

Output improvements

  • Session summary box with SHA-256, worker distribution, PPS, duration
  • Timestamped output/run_/ directories per session
  • ASCII separators replace broken Unicode box-drawing characters

Verified on

  • Emotet+TrickBot epoch-3 (15,781 packets)
  • CTU-35 DGA (1,563,841 packets, 0 drops)
  • dns_tunnel.pcap
  • nmap standard scan
  • Determinism contract holds — SHA-256 identical across runs

Install

cargo install snf-core

SNF-Core v1.0.2

24 Apr 16:37

Deterministic, offline-first network protocol analysis engine written in Rust.

What's included

  • Deterministic packet processing pipeline — F(dataset, config, version) → SHA-256 identical NDJSON output
  • PCAP SHA-256 + config SHA-256 chain of custody
  • Multi-threaded WorkerPool with flow-affinity routing
  • AF_XDP zero-copy capture (falls back to pcap if hardware unsupported)
  • Four operation modes: Forensic, Monitor, Stealth, Replay
  • 14 protocol analyzers: DNS, TLS, HTTP/1.1, HTTP/2, QUIC, DHCP, ICMP, SMB, mDNS, DoH, DoT, Kerberos/LDAP/RDP, SSDP/UPnP/FTP
  • FNV-1a FlowTable with LRU eviction + TCP reassembly
  • JA3/JA4 fingerprint databases
  • IANA port/service name database (6,255 entries)
  • Hardware auto-scaling
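
As an added illustration (not SNF-Core's own code), one way flow-affinity routing can be built on FNV-1a: hash a direction-independent 5-tuple so both directions of a flow always reach the same worker, which keeps per-flow state and TCP reassembly on one thread. The `FlowKey` type, the `route` function and the IPv4-only key are assumptions; the page does not say how SNF-Core keys or routes flows.

```rust
use std::net::Ipv4Addr;

/// 64-bit FNV-1a: XOR each byte into the state, then multiply by the FNV prime.
pub fn fnv1a64(bytes: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325; // FNV-1a 64-bit offset basis
    for &b in bytes {
        h ^= b as u64;
        h = h.wrapping_mul(0x0000_0100_0000_01b3); // FNV 64-bit prime
    }
    h
}

/// Hypothetical flow key (an assumption, not SNF-Core's type): IPv4 5-tuple.
#[derive(Clone, Copy)]
pub struct FlowKey {
    pub src: (Ipv4Addr, u16),
    pub dst: (Ipv4Addr, u16),
    pub proto: u8,
}

impl FlowKey {
    /// Order the two endpoints so A->B and B->A serialize to the same bytes.
    pub fn canonical_bytes(&self) -> [u8; 13] {
        let (lo, hi) = if self.src <= self.dst { (self.src, self.dst) } else { (self.dst, self.src) };
        let mut out = [0u8; 13];
        out[0..4].copy_from_slice(&lo.0.octets());
        out[4..6].copy_from_slice(&lo.1.to_be_bytes());
        out[6..10].copy_from_slice(&hi.0.octets());
        out[10..12].copy_from_slice(&hi.1.to_be_bytes());
        out[12] = self.proto;
        out
    }
}

/// Worker index for a packet. It depends only on the flow key and the worker
/// count, never on arrival order or thread timing.
pub fn route(key: &FlowKey, workers: usize) -> usize {
    assert!(workers > 0, "worker pool must not be empty");
    (fnv1a64(&key.canonical_bytes()) % workers as u64) as usize
}

fn main() {
    // Constructed sample flow: a client querying a DNS resolver, and the reply.
    let client = (Ipv4Addr::new(10, 0, 0, 5), 51514);
    let server = (Ipv4Addr::new(192, 0, 2, 53), 53);
    let fwd = FlowKey { src: client, dst: server, proto: 17 };
    let rev = FlowKey { src: server, dst: client, proto: 17 };
    println!("fwd -> worker {}, rev -> worker {}", route(&fwd, 4), route(&rev, 4));
}
```

Because the mapping changes with the worker count, a run's worker count has to be part of the recorded configuration if per-worker output is to be reproducible.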

Changes since v1.0.1

  • Updated Cargo.toml dependencies
  • Improved hardware probe (platform detection)
  • Expanded integration tests and benchmarks
  • Gitignore and config hygiene

Build

cargo build --release

Requires Rust stable. On Linux, root is required for live capture. On Windows, install Npcap first.

SNF-Core v1.0.0 — Initial Open Source Release

22 Mar 04:05

SNF-Core v1.0.0

Initial public release of the SNF-Core passive network forensics engine.

Features

  • JA3/JA4 TLS fingerprinting with threat actor attribution
  • Offline IOC matching — IP and domain blocklists, air-gap safe
  • 14 protocol analyzers: DNS, TLS, HTTP/1.1, HTTP/2, QUIC, DHCP, ICMP, SMB, mDNS, Modbus, DNP3, S7comm, EtherNet/IP, PROFINET
  • Deterministic output — same PCAP + config = SHA-256 identical NDJSON every time
  • Multi-threaded capture with per-worker evidence collection and merge
  • Behavioral analysis: beacon detection, DGA scoring, DNS tunneling, port scan detection
  • ICS/SCADA protocol support
  • Works on Linux (RHEL, Ubuntu, Debian) and Windows

Requirements

  • Rust 1.75+
  • libpcap (Linux) or Npcap (Windows)

Quick Start

git clone https://github.com/padigeltejas/snf-core
cd snf-core
cargo build --release
./target/release/snf-core --forensic --pcap-file capture.pcap