Articles

IAX2 (Asterisk) Analysis using Unsniff

Find out how you can use Unsniff to develop, debug, or test the IAX2 protocol (the native protocol used by the Asterisk open source PBX). Are you getting disconnected or the wrong codec is being negotiated ? Unsniff can help you debug it. Just hover your mouse over any field for bubble help to pinpoint your problem. You can track calls, playback each direction of a conversation, or save these conversations to a WAV file. If you know a scripting language (VBScript or Ruby) you can easily whip up your own analysis scripts.

Decrypt SNMPv3 messages

Analyzing encrypted SNMPv3

Unsniff provides excellent support for SNMPv3 analysis such as deep decodes, full bubble help, scriptability, and OID resolution. However SNMPv3 in privacy mode will stump Unsniff because of its encrypted payload. This article explains how you can continue to analyze SNMPv3 using the decryption features provided by Unsniff. By providing Unsniff with the privacy key information, you can automatically decrypt SNMPv3 PDUs which use the CBC-DES and CFB-AES-128 symmetric encyption algorithms.

Analyzing SSL/TLS

Using Unsniff to analyze SSL and TLS streams

Click for PDF Version "Using Unsniff to analyze SSL / TLS " (694 kb)

A number of applications today use SSL and TLS as a security layer. Unsniff allows authorized users to analyze these applications by decrypting the SSL/TLS streams in real time. This is done without interrupting the SSL streams in any way. Unsniff can also strip out the SSL/TLS layer completely and analyze the application protocols as if the security layer never existed. If you are working with a secure web server, you can analyze the HTTPS protocol, including the ability to reconstruct complete web pages.

Analyzing HTTP streams

This article will introduce you to various techniques for analyzing HTTP streams.

Unsniff has powerful analysis capabilities for HTTP analysis including.
    * Extract content (user objects) from HTTP streams
    * View entire HTML pages, images, flash, and media from within Unsniff
    * View all HTTP headers
    * View color-coded HTTP requests and responses
    * Full web pages including inline images, flash, stylesheets supported
    * Click through to other captured pages
    * Save pages for later analysis
    * Scripts to extract interesting data from HTTP headers

Tool: TCP Stream Analysis

TCP/IP stream analysis tool

This tool is part of a series of utilities meant to illustrate the use of the Unsniff Scripting API and to motivate you to write your own tools.

TCP Stream Analysis

TCP is arguably the most important protocol in the internet today. Under the hood, TCP features complex algorithms for congestion control. TCP attempts to seek the ideal bandwidth rate dynamically on any given link. It constantly attempts to push the transfer rate higher and periodically pulling back when it encounters errors. Observing the behavior of TCP is quite a revealing experience about rate control and error recovery. We present a utility here that detects retransmissions, out of order segments, duplicate acks. It can produce charts that plot the congestion window, advertised window, in-flight data, sequence number analysis and much more.

More Articles...

<< Start < Prev 1 2 3 4 Next > End >>

Page 3 of 4