
Script Library

Sample scripts to help you get started with Unsniff Scripting


 

The Unsniff Scripting API allows you to write powerful snippets of Ruby or VBScript to accomplish very specific tasks. You get full access to reconstruction, protocol field details, TCP sessions, even user objects via the scripting API.

Select a category or scroll below for scripts

General: Simple scripts used to explore the Unsniff Scripting API, batch processing, and drilldowns
Import/Export: Scripts to import/export various entities, including some bulk import/export
Protocol Specific: Scripts specific to a protocol or family of protocols (e.g. TCP, IP)
Advanced: Advanced network analysis tools. Mostly written in Ruby (with Fox-Ruby user interfaces)

 

 


Category : General


Purpose

Ruby, VBScript

Print the number of packets in a capture file

Ruby(tcount.rb)

VBScript(tcount.vbs)

Bookmark and annotation demo.

If packet length > 500 but < 1000, annotate the packet "Medium Sized Packet"

If packet length > 1000 annotate the packet as "Large Sized Packet"

Ruby(bookanno.rb)

VBScript(bookanno.vbs)

Print all the fields in a given PDU

Ruby(pdudrill.rb)

VBScript(pdudrill.vbs)

Copy selected packets from Unsniff capture file-1 to file-2

Ruby(pktcopy.rb)

VBScript(pktcopy.vbs)

Print all fields in all protocol layers of a given packet

Ruby(prdrill.rb)

VBScript(prdrill.vbs)

Print all protocol layers in a given packet

Ruby(prlayer.rb)

VBScript(prlayer.vbs)

Print a list of all PDUs in a capture file

Ruby(prpduidx.rb)

VBScript(prpduidx.vbs)

Print a list of all Packets in a capture file

Ruby(prpidx.rb)

VBScript(prpidx.vbs)

Print a list of User Objects in a capture file

Ruby(prpuo.rb)

VBScript(prpuo.vbs)

Print a list of Streams (TCP Sessions) in a capture file

Ruby(prstmidx.rb)

VBScript(prstmidx.vbs)

Print all occurrences of a given field in a capture file

Ruby(qfield.rb)

VBScript(qfield.vbs)

Save all user objects of a given type to a directory. Use the preferred file name.

Ruby(saveuo.rb)

VBScript(saveuo.vbs)

 


Category: Import/Export


Purpose

Ruby, VBScript

Display all the fields for a given packet and layer

Ruby(dlayer.rb)

VBScript(dlayer.vbs)

 

Batch import several files in libpcap/tcpdump format into a single Unsniff capture file. You may use wildcards to match the libpcap files to be imported.

Ruby(batchimp.rb)

VBScript(batchimp.vbs)

Export an entire Unsniff capture file to libpcap/tcpdump format

Ruby(export1.rb)

VBScript(export1.vbs)

Export a selected session (TCP/IP) to a libpcap/tcpdump file

Ruby(export2.rb)

VBScript(export2.vbs)

Export individual packets to a libpcap/tcpdump file

Ruby(export3.rb)

VBScript(export3.vbs)

Import a libpcap/tcpdump file into a new Unsniff capture file

Ruby(import1.rb)

VBScript(import1.vbs)

Import a tcpdump file, then for each TCP session in the file, reassemble and dump each direction of traffic into separate files.

 

Script is called xs.vbs (Xtract Sessions)

VBScript(xs.vbs)

Category : Protocol Specific


Purpose

Ruby, VBScript

Find out which HTTP servers set or received what cookies from browsers

Ruby(- na -)

VBScript (prcookie.vbs)

Print all segments in a stream (TCP Session)

Ruby(- na -)

VBScript(stmdrill.vbs)

Print a count of packets in a capture file (alternate version)

Ruby(- na -)

VBScript(tcount2.vbs)

Print all TCP port pairs in a capture file

Ruby(tcpports.rb)

VBScript(tcpports.vbs)

Print all TCP port pairs in a capture file (alternate version using the Find method)

Ruby(- na -)

VBScript(tcpports2.vbs)

Identify TCP/IP servers. Print the busiest servers by total bytes and connections. A TCP/IP server is one which is the target of a SYN packet.

Ruby(busyserver.rb)

VBScript(- na -)




 

Category : Advanced


Purpose

Ruby, VBScript

IAX2 Call Analysis [Article]

This tool is an offline IAX2 Call Analysis script. Run it on an IAX2 (Asterisk) capture to study the QoS of each call in the file. It can do Call Bandwidth, Jitter, Interarrival Delay, Loss, and IAX2 Event analysis.
Ruby (iax2ana.rb)

Packet Length Analysis [Article]

This tool draws a bar chart showing packet length distribution in a capture file

Ruby (lendist.rb)

UnleashCharts charting library

An open source Ruby charting library project started by Unleash Networks

Ruby(UnleashCharts.rb)

Traffic Monitor [Article]

Draws a graph showing traffic (in bps) observed over time in a capture file

Ruby(trafmon.rb)

TCP Analysis [Article]

A comprehensive TCP analysis tool with over 6 charts. Includes detecting retransmission, duplicate acks, out of order segments, round trip time, and congestion analysis.

Ruby (anastm.rb)

