Hi guys.
I am making progress in Unsniff and Ruby.
I am trying the xuo.rb script from the blog and a few others
as well. I have captured a wad of data that I know most of the contents. Its not normal HTML and IM data. I am trying to work out why I am not getting any userobjects. The packetindex.count is 101,334 so there is plenty of data in there, but UnsniffDB.UserObjectsIndex.Count is 0.

I presume it is because the data I am sending in to the Unsniff.Database is unknown?

My ultimate goal is to recreate the packets in to the original file, so if I am not going about it the right way, then that would be nice to know too

Thanks
Peter

Unsniff only extracts user objects for protocols, such as HTTP, EMAIL, FTP, VOIP, SMB, etc. If your protocol is unsupported you wont find anything in user objects tab.

You can however reconstruct and save incoming and outgoing TCP stream data, see the "xs.vbs" extract stream script unleashnetworks.com/devzone/unsniff/scri...tegory:_ImportExport - the sample is VB Script but easy to convert to ruby.

Hi, thanks. I am trying to reconstruct TCP data, but not a run of the mill filetype. I will check out that VB example. Thanks very much