Ready-to-run sample scripts. You can copy the one closest to your needs and expand on it. We would deeply appreciate it if you could share your own scripts here.
Start exploring the Unsniff scripting API, getting familiar with various objects and methods.
Purpose | Ruby | VBScript |
---|---|---|
Print the number of packets in a capture file | tcount.rb | tcount.vbs |
Bookmark and annotation demo. If the packet length is > 500 but < 1000, annotate the packet “Medium Sized Packet”; if the packet length is > 1000, annotate the packet “Large Sized Packet” | bookanno.rb | bookanno.vbs |
Print all the fields in a given PDU | pdudrill.rb | pdudrill.vbs |
Copy selected packets from unsniff capture file-1 to file-2 | pktcopy.rb | pktcopy.vbs |
Print all fields in all protocol layers of a given packet | prdrill.rb | prdrill.vbs |
Print all protocol layers in a given packet | prlayer.rb | prlayer.vbs |
Print a list of all PDUs in a capture file | prpduidx.rb | prpduidx.vbs |
Print a list of all Packets in a capture file | prpidx.rb | prpidx.vbs |
Print a list of User Objects in a capture file | prpuo.rb | prpuo.vbs |
Print a list of Streams (TCP Sessions) in a capture file | prstmidx.rb | prstmidx.vbs |
Print all occurrences of a given field in a capture file | qfield.rb | qfield.vbs |
Save all user objects of a given type to a directory. Use the preferred file name. | saveuo.rb | saveuo.vbs |
Import and export between Unsniff *.USNF format and libpcap/tcpdump/Wireshark format. Learn how to selectively export entire flows, multiple packets and more.
Purpose | Ruby | VBScript |
---|---|---|
Display all the fields for a given packet and layer | dlayer.rb | dlayer.vbs |
Batch import several files in libpcap/tcpdump format into a single unsniff capture file. You may use wildcards to match libpcap files to be imported. | batchimp.rb | batchimp.vbs |
Export an entire unsniff capture file to libpcap/tcpdump format | export1.rb | export1.vbs |
Export a selected session (TCP/IP) to a libpcap/tcpdump file | export2.rb | export2.vbs |
Export individual packets to a libpcap/tcpdump file | export3.rb | export3.vbs |
Import a libpcap/tcpdump file into a new Unsniff capture file | import1.rb | import1.vbs |
Import a TCPDUMP file, then for each TCP session in the file, reassemble and dump each direction of traffic into a separate file. The script is called xs.vbs (Xtract Sessions) | - | xs.vbs |
Print the certificate chain for each SSL/TLS connection. Scans the SSL records and prints the full certificate chain for each connection, all the way up to the root CA | xcert.rb | - |
Scripts specific to a protocol or family of protocols (e.g. TCP, IP, SSL). Learn how to navigate through protocol trees to find and process the information you want.
Purpose | Ruby | VBScript |
---|---|---|
Find out which HTTP servers set or received what cookies from browsers | - | prcookie.vbs |
Print all segments in a stream (TCP Session) | - | stmdrill.vbs |
Print a count of packets in a capture file (alternate version) | - | tcount2.vbs |
Print all TCP port pairs in a capture file | tcpports.rb | tcpports.vbs |
Print all TCP port pairs in a capture file (alternate version using the Find method) | - | tcpports2.vbs |
Identify TCP/IP servers. Print the busiest servers by total bytes and by connections. | busyserver.rb | - |
Some moderately big tools written in Ruby (with Fox-Ruby user interfaces).
Purpose | Ruby, VBScript |
---|---|
IAX2 Call Analysis [Article] This tool is an offline IAX2 call analysis script. Run it on an IAX2 (Asterisk) capture to study the QoS of each call in the file. It can do call bandwidth, jitter, interarrival delay, loss, and IAX2 event analysis | Ruby (iax2ana.rb) |
Packet Length Analysis [Article] This tool draws a bar chart showing packet length distribution in a capture file | Ruby (lendist.rb) |
UnleashCharts charting library An open source Ruby charting library project started by Unleash Networks | Ruby (UnleashCharts.rb) |
Traffic Monitor [Article] Draws a graph showing traffic (in bps) observed over time in a capture file | Ruby (trafmon.rb) |
TCP Analysis [Article] A comprehensive TCP analysis tool with over 6 charts. Includes detecting retransmission, duplicate acks, out of order segments, round trip time, and congestion analysis. | Ruby (anastm.rb) |