For Education

Unsniff in Education

University level networking and protocols courses
Cisco / Juniper and other certification training
Self learning

Teachers communicate better with Unsniff

  • Enhance your teaching experience
  • Current generation and open source tools have primitive visualization capabilities (hex dumps)
  • Create new coursework material and assignments
  • Introduce an element of fun into your classroom

Top features for teachers, students, and researchers

Unmatched and pioneering visualizations

Are you still asking your students to look at boring hex dumps?
  • Unsniff is set to change how protocols are visualized. We spent a lot of time designing the visual breakout, layout algorithms, and graphics that are specially suited for visualizing protocols.
  • Make it easier for you to communicate concepts such as protocol layering, bit fields, IP addresses, ports, reassembly, and more!
  • Self documenting: Your students can discover how protocols work by just using the self documenting bubble help feature of Unsniff.
  • The ultimate self learning tool for network protocols.
Stunning graphical printouts

Create new course material, tests, slides
  • Unsniff goes the extra yard when it comes to printing
  • Print packets in full graphical detail for the desired layers
  • Print TCP ladder diagrams (must see)
  • Create handouts and quizzes for your class using these printouts
  • Create slides (transparencies) to help you with your class
Create interactive assignments and projects

Unsniff is the ideal platform to create interesting projects and assignments.

Some examples:
  • Bookmarks and Annotations: You can post an interesting Unsniff capture file containing TCP packets and ask your students to bookmark all the 3-way handshake packets. Annotations are small notes you can attach to any packet.
  • Filters: Unsniff contains a powerful and easy to use capture and display filter wizard. You can ask students to create filters to look for certain types of traffic or to isolate traffic.
  • Advanced: There are endless projects you can create using simple Unsniff Scripting; see examples of tracking busy servers, TCP analysis, and other samples at the script library.
Special support for TCP

Get your students to a different level using Unsniff's powerful TCP analysis functions
  • Special "time-lag" ladder diagram allows you to communicate the most difficult concepts about TCP
  • Projector friendly displays
  • Ultimate printing support for ladder diagrams
  • The streams sheet allows students to watch TCP behavior in real time
Top down analysis is fun

Start from what is interesting

"User objects" are another innovation from Unsniff. A user object is any entity that is of maximum interest to the user for a given context. For example, if we are talking about HTTP, what is more interesting than seeing rendered HTML pages? Other objects are Flash, audio, and scripts. For VoIP protocols, the user objects are audio channels, and so forth.
  • Connect different protocols layers together
  • Look at reconstructed HTTP sessions, drill down to the TCP connections, then to the link layer packets
  • Far more effective than groping in the dark for the appropriate ethernet (or other link layer) frames
Multilingual teaching

Use any language for your teaching
  • Unsniff is designed and built as a Unicode application from the ground up.
  • We will be adding support for more languages based on customer demand.

Unsniff as a teaching aid

Whether you are teaching NET 101 or NET 901, hands-on lab assignments are essential for a complete understanding of the course material. Currently a large number of universities and colleges are using tools like tcpdump or Ethereal as the primary teaching aids. While these tools are excellent (especially Ethereal) in the sheer breadth of protocols supported, their weaknesses in visualization, reassembly, and extensibility make it hard to adapt them to a teaching environment. Unsniff is designed to be adaptable to various teaching situations. The simple and direct packet displays are so intuitive that your students will understand them instantly.

  • In the classroom: You can use Unsniff to explain various network concepts such as TCP/IP handshaking, how protocols are layered on top of each other, client server communication, IPv4 and IPv6, etc. Printouts generated by Unsniff are so rich that they can be used in all your slides. No more drawing protocols by hand. The Unsniff packet display can be undocked so that it can be projected full-screen in classrooms with multiple projectors.
  • Fun: Teaching is fun with Unsniff because of its high-level analysis capabilities. You can use a SIP phone to make a call - then play back the captured conversation. You can visit a few websites - and view the entire contents as is.
  • Assignments: Unsniff is the ideal platform for lab assignments. Once you have a capture file with "interesting data", you can ask students to answer various questions using Unsniff alone. For example, you can ask students to bookmark all packets that are part of a TCP/IP 3-way handshake, or mark all link layer packets that form a PDU.
  • Customize it: If you want to teach a specific topic such as the TCP/IP congestion avoidance algorithm, you can write very simple scripts in VBScript or Ruby. These can be integrated into your installation of Unsniff. Your students can then access your analysis tool by right-clicking on a TCP/IP stream and selecting a command from the menu.
  • Advanced: You can use Unsniff to teach advanced topics such as security or wireless networks. You can customize Unsniff to support the specific protocol just the way you want it. Unsniff provides all the base functionality such as PDUs, reassembly, decryption, defragmentation, and decompression.

For more information about how Unsniff Network Analyzer can help with your particular usage scenario, contact us by email.

Why Unsniff?

Unsniff Network Analyzer offers multi layer monitoring with deep content awareness right out of the box. The unique advantages of Unsniff are:

  1. Multi layer monitoring - flows, PDUs as top level objects
  2. Advanced NFAT (Network Forensics) abilities
  3. Scriptable for automation
  4. Fast native Windows UI w/ new visualization
  5. USNF format instantly opens huge capture files
  6. Advanced TLS decryption and analysis (incl. TLS 1.2 AEAD)
Unsniff can be a great complement to Wireshark, which is known for its legendary bit-level dissection abilities.

Scriptable: Automate your analysis

Unsniff exposes all entities as scriptable objects. They include Packets, Flows, PDUs, and User Objects too. Write tiny but powerful scripts to automate the most tedious processes. Some use cases:

  • Automatically extract all images greater than 200K into a directory
  • Save each VoIP call as a separate .WAV file
  • Save the first 100K of each TCP flow
  • Reassemble and save in and out directions of each flow with a custom naming scheme
  • Import from Wireshark, apply custom filters, then export back into Wireshark
  • Pretty much anything you can do manually can be automated
Languages supported: VBScript and Ruby (via Win32OLE). Documentation is available at "Unsniff Scripting Guide Home". VBScript and Ruby sample scripts are at "Script Samples".

Not just packets: PDUs, flows, and content too

Network flows are TCP streams. Each flow is treated as a top level object in Unsniff. You are presented with a list of flows in addition to packets and you can choose to work on flows as a unit instead of per packet.

Protocol Data Units (PDUs) are reassembled messages that are extracted from raw packets. Unsniff lets you see these messages instead of just packets. For example, you can view and monitor SSL/TLS Records instead of fragments of packets. Unsniff supports SNMP, LDAP, TLS, and other PDUs.

User Objects are extracted content, such as images, emails, files, video, and audio. The Unsniff User Objects Sheet allows you to work with them for forensics and investigative purposes. Most use cases are covered.

User Objects: Advanced Forensics and reconstruction

Unsniff has top notch and deep network forensics analysis (NFAT) capabilities. All objects are extracted and shown in the User Objects sheet. A subset of what is supported:

  • HTTP: Full page reconstruction, images, POST messages, all CSS/JS, video, Flash, and every kind of content can be extracted
  • Deep Keyword Search: Search in content
  • Email: SMTP, POP3, IMAP; FTP files; SMB files
  • Yahoo! Chat, MSN Chat, AOL Chat
  • Yahoo! / MSN Voice chat
  • Google video chat - incl. support for VP8 video/SPEEX audio codec
  • SIP/RTP/H.323/IAX2 - VoIP calls - incl. all major codecs
  • YouTube reconstruction
All of the above can be automated. Unsniff's internal format USNF stores these objects natively for maximum performance.