Script Library

Powerful free network analysis scripts

The Unsniff Scripting API allows you to write powerful snippets of Ruby or VBScript to accomplish very specific tasks. You get full access to reconstruction, protocol field details, TCP sessions, even user objects via the scripting API.

You can either run the scripts standalone from the command line or hook them up to specific menus or buttons in the Unsniff user interface.

Select a category

| Category | Description |
| --- | --- |
| General | Simple scripts used to explore the Unsniff Scripting API, batch processing, and drilldowns |
| Import/Export | Scripts to import/export various entities, some bulk import/export |
| Protocol Specific | Scripts specific to a protocol or family of protocols (e.g. TCP, IP) |
| Advanced | Advanced network analysis tools. Mostly written in Ruby (with Fox-Ruby user interfaces) |

Category: General

| Purpose | Author | Date | Ruby, VBScript |
| --- | --- | --- | --- |
| Print the number of packets in a capture file | TimV | 9/15/05 | Ruby (tcount.rb), VBScript (tcount.vbs) |
| Bookmark and annotation demo. If packet length > 500 but < 1000, annotate the packet as "Medium Sized Packet". If packet length > 1000, annotate the packet as "Large Sized Packet". | Vivek (ULSH) | 8/15/05 | Ruby (bookanno.rb), VBScript (bookanno.vbs) |
| Print all the fields in a given PDU | Vivek (ULSH) | 8/15/05 | Ruby (pdudrill.rb), VBScript (pdudrill.vbs) |
| Copy selected packets from Unsniff capture file-1 to file-2 | TimV | 8/15/05 | Ruby (pktcopy.rb), VBScript (pktcopy.vbs) |
| Print all fields in all protocol layers of a given packet | TimV | 8/15/05 | Ruby (prdrill.rb), VBScript (prdrill.vbs) |
| Print all protocol layers in a given packet | TimV | 8/15/05 | Ruby (prlayer.rb), VBScript (prlayer.vbs) |
| Print a list of all PDUs in a capture file | TimV | 8/15/05 | Ruby (prpduidx.rb), VBScript (prpduidx.vbs) |
| Print a list of all packets in a capture file | TimV | 8/15/05 | Ruby (prpidx.rb), VBScript (prpidx.vbs) |
| Print a list of User Objects in a capture file | TimV | 8/15/05 | Ruby (prpuo.rb), VBScript (prpuo.vbs) |
| Print a list of Streams (TCP Sessions) in a capture file | TimV | 8/15/05 | Ruby (prstmidx.rb), VBScript (prstmidx.vbs) |
| Print all occurrences of a given field in a capture file | TimV | 8/15/05 | Ruby (qfield.rb), VBScript (qfield.vbs) |
| Save all user objects of a given type to a directory. Use the preferred file name. | Unleash | 8/15/05 | Ruby (saveuo.rb), VBScript (saveuo.vbs) |

Category: Import/Export

| Purpose | Author | Date | Ruby, VBScript |
| --- | --- | --- | --- |
| Display all the fields for a given packet and layer | Unleash | 8/15/05 | Ruby (dlayer.rb), VBScript (dlayer.vbs) |
| Batch import several files in libpcap/tcpdump format into a single Unsniff capture file. You may use wildcards to match libpcap files to be imported. | Unleash | 8/15/05 | Ruby (batchimp.rb), VBScript (batchimp.vbs) |
| Export an entire Unsniff capture file to libpcap/tcpdump format | Unleash | 8/15/05 | Ruby (export1.rb), VBScript (export1.vbs) |
| Export a selected session (TCP/IP) to a libpcap/tcpdump file | Unleash | 8/15/05 | Ruby (export2.rb), VBScript (export2.vbs) |
| Export individual packets to a libpcap/tcpdump file | Unleash | 8/15/05 | Ruby (export3.rb), VBScript (export3.vbs) |
| Import a libpcap/tcpdump file into a new Unsniff capture file | Unleash | 8/15/05 | Ruby (import1.rb), VBScript (import1.vbs) |

Category: Protocol Specific

| Purpose | Author | Date | Ruby, VBScript |
| --- | --- | --- | --- |
| Find out which HTTP servers set or received what cookies from browsers | TimV | 2/18/05 | Ruby (- na -), VBScript (prcookie.vbs) |
| Print all segments in a stream (TCP Session) | TimV | 8/15/05 | Ruby (- na -), VBScript (stmdrill.vbs) |
| Print a count of packets in a capture file (alternate version) | Unleash | 8/15/05 | Ruby (- na -), VBScript (tcount2.vbs) |
| Print all TCP port pairs in a capture file | Unleash | 8/15/05 | Ruby (tcpports.rb), VBScript (tcpports.vbs) |
| Print all TCP port pairs in a capture file (alternate version using the Find method) | Unleash | 8/15/05 | Ruby (- na -), VBScript (tcpports2.vbs) |
| Identify TCP/IP servers. Print the busiest servers by total bytes and connection. A TCP/IP server is one which is the target of a SYN packet. | Unleash | 8/15/05 | Ruby (busyserver.rb), VBScript (- na -) |

Category: Advanced

| Purpose | Author | Date | Ruby, VBScript |
| --- | --- | --- | --- |
| IAX2 Call Analysis [Article]. This tool is an offline IAX2 Call Analysis script. Run it on an IAX2 (Asterisk) capture to study QoS of each call in the file. It can do Call Bandwidth, Jitter, Interarrival Delay, Loss, and IAX2 Event analysis. | TimV | 2/16/05 | Ruby (iax2ana.rb) |
| Packet Length Analysis [Article]. This tool draws a bar chart showing packet length distribution in a capture file. | VivekRajan (ULSH) | 9/20/05 | Ruby (lendist.rb) |
| UnleashCharts charting library. An open source Ruby charting library project started by Unleash Networks. | VivekRajan (ULSH) | 9/10/05 | Ruby (UnleashCharts.rb) |
| Traffic Monitor [Article]. Draws a graph showing traffic (in bps) observed over time in a capture file. | VivekRajan (ULSH) | 9/20/05 | Ruby (trafmon.rb) |
| TCP Analysis [Article]. A comprehensive TCP analysis tool with over 6 charts. Includes detecting retransmission, duplicate acks, out of order segments, round trip time, and congestion analysis. | VivekRajan (ULSH) | 10/5/05 | Ruby (anastm.rb) |