Hi All.
I have tried this app and it looks like it will do what I want it to, but I want to use the scripting functionality with ruby.

I used the example scripts on the unsniff developers pages and the blog but they all fail.

Here is some of the code
InputTCPD, DirName = ARGV.shift, ARGV.shift

File.delete("temp_cap.usnf") if File.exists? "temp_cap.usnf"
Dir.mkdir(DirName) unless File.directory? DirName

UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.New("temp_cap.usnf")

Its this last line that fails. Am I missing something from my config or an addon or something?

I am running Windows 7 and have the latest unsniff and ruby just installed.

Thanks in advance
Adrian

Hi,

Can you post what the error message is that UnsniffDB.New generates ?

Thanks

There is a high likelihood that the automation classes were not registered properly. To fix this


1. Open command prompt as Rt click administrator
2. CD \Program Files\Unleash Networks\Unsniff\Bin
3. REGSVR32 usnfaut.dll

Now try running the scripts. They ought to work.


--

The reason why this happens is a bit unclear. The MSI installer registers all other classes without requiring admin privileges. I am investigating further.

Hi, that worked. I registered the dll and all is now well
I knew it must have been something like that, just couldn't put my finger on it.

Thanks a bundle
Pete

Hi Vivek,
well that problem was fixed and now I have a new problem. I haven't been able to get any of the example scripts to work. I have registered all DLLs in the bin directory. The scipts I am using are on the pages
www.unleashnetworks.com/blog/?p=467
and this one...
require 'win32ole'
USAGE = "prpidx <capture-filename>"
#
# function: print the description
#
def printPacket(packet)
$stdout << packet.Description << "\n"
end
#
# check arguments
#
if ARGV.length != 1
puts USAGE
exit 1
end

def MethodExists(obj, methodName)
obj.ole_methods.each{|method|
if (method.name == methodName)
return true
end
}
return false
end


UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.Open(ARGV[0])
Count = UnsniffDB.PacketCount
PacketStore = UnsniffDB
(0..Count-1).each{ |idx| printPacket(PacketStore.Item(idx)) }
UnsniffDB.Close()

The one I have copy and pasted in results in the following message:
c:\Users\PeterPan\unsniff>ruby test2.rb Untitled1.usnf
test2.rb:30:in `[]': (in OLE method `PacketIndex': ) (WIN32OLERuntimeError)
OLE error code:0 in <Unknown>
<No Description>
HRESULT error code:0x80020003
Member not found.
from test2.rb:30:in `<main>'
Line 30 is the PacketStore = UnsniffDB entry.

The first file results in this:
c:\Users\PeterPan\unsniff>ruby xuo.rb 2.usnf output
xuo.rb:19:in `method_missing': (in OLE method `Import': ) (WIN32OLERuntimeError)
OLE error code:80004005 in Unsniff.Database.1
Import: Cannot open file (pcap error)
HRESULT error code:0x80020009
Exception occurred.
from xuo.rb:19:in `<main>'


Can you help resolve this for me please?
Kind regards
Peter

Hi,


For the xuo.rb script - you need a PCAP file as input. If you have an USNF file (captured by Unsniff), you can export it to LIBPCAP/TCPDUMP format.

Once you have a PCAP file.

Then
ruby xuo.rb myfile.pcap outputdir

should work.

If you already have a USNF file, thats great because the process will be about 100x faster (really!). Just remove the Import(...) lines from the ruby script. Post back here if you run into more issues.



For the 1st sample : Try
UnsniffDB.PacketIndex
instead of
UnsniffDB

We need to update some of the samples for Ruby 1.9.x.