BLOG     |     FORUM

Unsniff for Developers and Testers

For developers
Developing client server applications
Developing protocol stacks
Testing complex networking systems
Creating automated network test scripts

Advantage Unsniff

A network analyzer is used in development to check for malformed packets, incorrect sequence of PDUs, excessive retransmissions, and a host of other problems. Unsniff rises above all the rest due to its visualization, extensibility, and automation capabilities.

Some of the things you can do with Unsniff are:
  • Write secure, self documenting, flexible decoders for your custom protocol
  • Leverage the power of XML to describe your protocol
  • Create advanced plugins with application level intelligence
  • Write test scripts to analyze complex capture data
  • Print protocol descriptions and attach to format specifications
  • Much more such as PDU and full stream analysis, read more

System Engineers

A system engineer is responsible for specifying the various components of the application and their interfaces. The interaction between components can be (1) a standard protocol - such as DNS, LDAP, RSVP or (2) a custom or proprietary protocol. The systems engineer can use Unsniff to document and even design these protocols. The features of Unsniff most useful to systems engineers are:
  • Visualization: When you are designing a protocol, you typically use a byte frame to specify the protocol fields. You can see this is action is many of the IETF RFCs and other standards documents. Unsniff uses the same visualization technique for displaying protocol fields. You do not have to rely on raw hex dumps or tree views to visualize your data.
  • Printing: Unsniff supports advanced multi-page printing and print-preview. You can use these rich printouts in reviews and design meetings.
  • Documentation : After designing your protocol or messages, you can document each field using XML. This field-level documentation is definitive and can be used by your developers and testers. This is a huge plus because Unsniff can be uniformly used across your organization. This prevents finger pointing and incorrect intepretation of protocol definitions. There is no other network or protocol analyzer that allows you to do this.

Software/Hardware developers

Developers have the unenviable task of actually implementing the components that comprise the network application. They also have to implement the protocols that are used to pull the whole system together. Whether you are using third party protocol stacks or implementing your own - Unsniff will make you more productive.
  • Visualization: A developer often has to go through a large number of iterations before he/she is able to get it right. Today, this means looking at hex dumps and/or a tree views of your data. Unsniff's revolutionary new packet displays eliminate the pain of analyzing packet data.
  • PDU Analysis: Prior to Unsniff, if you were developing a protocol on top of a stream layer such as TCP, then you were out of luck. All existing protocol analyzers only show you link-layer frames (ethernet, token ring, 802.11,etc). However, PDU based protocol do not care about link layer frames at all. Unsniff is the first and only network analyzer that features PDU analysis. No matter what the size, PDUs are analyzed just like link layer packets.
  • Full Stream Analysis: If you are implementing a protocol such as HTTP, BGP or LDAP, you will find that full-stream analysis will dramatically improve your visibility. In full stream analysis, entire TCP sessions are monitored in real time. You can observe all streams of data in your network, zoom in on an interesting stream, and then do interesting things like open a ladder diagram, save payloads, export stream, run custom scripts, etc. This type of top-down analysis is only possible with Unsniff.
  • Bookmark, Annotate: These allow you to tag interesting packets in your capture file. You can share a capture file with annotated and bookmarked packets with your team members.
  • Extensibility: As a developer you can extend Unsniff using the Unsniff Developers API. You can create custom protocol handlers in C++ or XML, name resolvers, eavesdroppers. You can even design entire applications on top of Unsniff using the API. The possibilities are endless. A small investment in developing a plugin can make Unsniff fit your needs exactly.


Testing teams ensure that the application behaves as expected under a variety of conditions. Testing & Verification is one area where Unsniff can prove to be major time and effort saver. This is possible due to the extensibility and scripting capabilities of Unsniff. You can capture data from various points in the network and execute test scripts using the Unsniff Scripting API. You can test for malformed packets, timing errors, sequence errors, incorrect request/response pairs, throughput, and much more.
  • Scripting: You can write test scripts that work on captured data. These scripts can check various error conditions including malformed packets, out of sequence data, throughput, etc. You can execute these scripts as part of your regression testing process. This kind of scripting is enabled by the Unsniff Scripting API. The functionality of these scripts is only limited by your imagination.
  • Reporting: If you find an error, you can annotate bad packet(s) and attach the capture file to your bug report. Alternately, Unsniff allows you to generate excellent printouts - which you can then take directly to the development team.
  • Self Documenting: Unsniff can provide extensive field-level help for all protocols. Whether you are developing a custom protocol or implementing a standard protocol - you will never be lost in the test lab looking at an unknown packet. Futhermore, these fields can the documented by the designers of the protocol - so you have access to unambigous information.

For more information about how Unsniff Network Analyzer can help with your particular usage scenario, contact us at Send email to this ID

Why Unsniff ?

Unsniff Network Analyzer offers multi layer monitoring with deep content awareness right out of the box.   The unique advantages of Unsniff are :

  1. Multi layer monitoring - flows, PDUs as top level objects
  2. Advanced NFAT (Network Forensics) abilities
  3. Scriptable for automation
  4. Fast native Windows UI w/ new visualization
  5. USNF format instantly opens huge capture files
  6. Advanced TLS decryption and analysis (incl TLS1.2 AEAD)
Unsniff can be a great complement to Wireshark known for its legendary bit level dissection abilities.

Scriptable : Automate your analysis

Unsniff exposes all entities as scriptable objects. They include Packets, Flows, PDUs, User Objects too. Write tiny but powerful scripts to automate the most tedious proceses. Some use cases

  • Automatically extract all images greater than 200K into a directory ?
  • Save each VOIP call as a separate .WAV file
  • Save the first 100K of each TCP flow
  • Reassemble and save in and out directions of each flow with a custom naming scheme ?
  • Import from Wireshark, apply custom filters, then export back into Wireshark
  • Pretty much anything you can do manually can be automated
Languages supported : VBScript and Ruby (via Win32OLE) / Documentation is available at "Unsniff Scripting Guide Home" / VBScript and Ruby sample scripts are at "Script Samples"

Not just packets : PDUs , flows , and content too

Network flows are TCP streams. Each flow is treated as a top level object in Unsniff. You are presented with a list of flows in addition to packets and you can choose to work on flows as a unit instead of per packet.

Protocol Data Units (PDUs) are reassembled messages that are extracted from raw packets. Unsniff lets you see these messages instead of just packet. For example you can view and monitor SSL/TLS Records instead of fragments of packets. Unsniff supports SNMP, LDAP, TLS, and other PDUs.

User Objects are extracted content ; such as images, emails, files, video, audio. The Unsniff User Objects Sheet allows you to work with them for forensics and investigative purposes. Most use cases are covered.

User Objects : Advanced Forensics and reconstruction

Unsniff has top notch and deep network forensics analysis (NFAT) capabilities. All objects are extracted and shown in the User Objects sheet. A subset of support.

  • HTTP : Full page reconstruction, images, POST messages, all CSS/JS, video, flash, and every kind of content can be extracted
  • Deep Keyword Search : Search in content
  • Email SMTP, POP3, IMAP, FTP files, SMB files,
  • Yahoo! Chat, MSN Chat, AOL Chat
  • Yahoo! / MSN Voice chat.
  • Google video chat - incl support for VP8 video/SPEEX audio codec
  • SIP/RTP/H.323/IAX2 - VOIP calls - incl all major codecs
  • Youtube reconstruction
All of the above can be automated. Unsniff's internal format USNF stores these objects natively for maximum performance.