I need TCP user application level protocol parsing functionality.

Is it possible using Unsniff Network Analyzer and Custom plugin(C++ API)?

Should I use Custom User Object?

You can write three types of protocol parsers using Unsniff.

1) XML only
You can describe the vast majority of protocols, even really hairy ones using XML only.

2) C++ only
Allows low level control. Use only if absolutely necessary such as for decryption, reassembly, extracting content such as voice, etc.

3) Hybrid of C++ and XML
You can move all the field definitions, which constitute the vast majority of protocol parsing into XML. The C++ code can then simply use the field definitions based on packet contents.

Since your application is running on top of TCP, you will need to use the hybrid approach to take advantage of the TCP stream reassembly feature.

Did you download the API, examples, and documentation. We are working on a major refresh of the Unsniff product including better docs. So it may be a bit confusing at first. I can help you step by step.


Vivek
Unleash Networks