====== Unsniff sample scripts in Ruby and VBScript ======

Ready-to-run sample scripts. You can copy the one closest to your needs and expand on it. We would deeply appreciate it if you could share your own scripts here.

===== Category: Beginning =====

Start exploring the Unsniff scripting API and get familiar with its various objects and methods.

^ Purpose ^ Ruby ^ VBScript ^
| Print the number of packets in a capture file | [[unsniff:samples:tcount:ruby|tcount.rb]] | [[unsniff:samples:tcount:vbscript|tcount.vbs]] |
| Bookmark and annotation demo. \\ If packet length > 500 but < 1000, annotate the packet as "Medium Sized Packet". \\ If packet length > 1000, annotate the packet as "Large Sized Packet". | [[unsniff:samples:bookanno:ruby|bookanno.rb]] | [[unsniff:samples:bookanno:vbs|bookanno.vbs]] |
| Print all the fields in a given PDU | [[unsniff:samples:pdudrill:ruby|pdudrill.rb]] | [[unsniff:samples:pdudrill:vbs|pdudrill.vbs]] |
| Copy selected packets from Unsniff capture file-1 to file-2 | [[unsniff:samples:pktcopy:ruby|pktcopy.rb]] | [[unsniff:samples:pktcopy:vbs|pktcopy.vbs]] |
| Print all fields in all protocol layers of a given packet | [[unsniff:samples:prdrill:ruby|prdrill.rb]] | [[unsniff:samples:prdrill:vbs|prdrill.vbs]] |
| Print all protocol layers in a given packet | [[unsniff:samples:prlayer:ruby|prlayer.rb]] | [[unsniff:samples:prlayer:vbs|prlayer.vbs]] |
| Print a list of all PDUs in a capture file | [[unsniff:samples:prpduidx:ruby|prpduidx.rb]] | [[unsniff:samples:prpduidx:vbs|prpduidx.vbs]] |
| Print a list of all packets in a capture file | [[unsniff:samples:prpidx:ruby|prpidx.rb]] | [[unsniff:samples:prpidx:vbs|prpidx.vbs]] |
| Print a list of User Objects in a capture file | [[unsniff:samples:prpup:ruby|prpuo.rb]] | [[unsniff:samples:prpuo:vbs|prpuo.vbs]] |
| Print a list of Streams (TCP sessions) in a capture file | [[unsniff:samples:prstmidx:ruby|prstmidx.rb]] | [[unsniff:samples:prstmidx:vbs|prstmidx.vbs]] |
| Print all occurrences of a given field in a capture file | [[unsniff:samples:qfield:ruby|qfield.rb]] | [[unsniff:samples:qfield:vbs|qfield.vbs]] |
| Save all user objects of a given type to a directory, using the preferred file name. | [[unsniff:samples:saveuo:ruby|saveuo.rb]] | [[unsniff:samples:saveuo:vbs|saveuo.vbs]] |

===== Category: Import/Export =====

Import and export between the Unsniff *.USNF format and the libpcap/tcpdump/Wireshark format. Learn how to selectively export entire flows, multiple packets and more.

^ Purpose ^ Ruby ^ VBScript ^
| Display all the fields for a given packet and layer | [[unsniff:samples:dlayer:ruby|dlayer.rb]] | [[unsniff:samples:dlayer:vbs|dlayer.vbs]] |
| Batch import several files in libpcap/tcpdump format into \\ a single Unsniff capture file. You may use wildcards to match the libpcap files to be imported. | [[unsniff:samples:batchimp:ruby|batchimp.rb]] | [[unsniff:samples:batchimp:vbs|batchimp.vbs]] |
| Export an entire Unsniff capture file to libpcap/tcpdump format | [[unsniff:samples:export1:ruby|export1.rb]] | [[unsniff:samples:export1:vbs|export1.vbs]] |
| Export a selected session (TCP/IP) to a libpcap/tcpdump file | [[unsniff:samples:export2:ruby|export2.rb]] | [[unsniff:samples:export2:vbs|export2.vbs]] |
| Export individual packets to a libpcap/tcpdump file | [[unsniff:samples:export3:ruby|export3.rb]] | [[unsniff:samples:export3:vbs|export3.vbs]] |
| Import a libpcap/tcpdump file into a new Unsniff capture file | [[unsniff:samples:import1:ruby|import1.rb]] | [[unsniff:samples:import1:vbs|import1.vbs]] |
| Import a tcpdump file, then for each TCP session in the file, \\ reassemble and dump each direction of traffic into separate files. \\ The script is called xs.vbs (Xtract Sessions). | - | [[unsniff:samples:xs:vbs|xs.vbs]] |
| Print the certificate chain for each SSL/TLS connection. \\ Scans SSL records and prints the certificate chain for each connection, all the way up to the root CA. | [[unsniff:samples:xcert:rb|xcert.rb]] | - |

===== Category: Protocol Specific =====

Scripts specific to a protocol or family of protocols (e.g. TCP, IP, SSL). Learn how to navigate through protocol trees to find and process the information you want.

^ Purpose ^ Ruby ^ VBScript ^
| Find out which HTTP servers set or received which cookies from browsers | - | [[unsniff:samples:prcookie:vbs|prcookie.vbs]] |
| Print all segments in a stream (TCP session) | - | [[unsniff:samples:stmdrill:vbs|stmdrill.vbs]] |
| Print a count of packets in a capture file (alternate version) | - | [[unsniff:samples:tcount2:vbs|tcount2.vbs]] |
| Print all TCP port pairs in a capture file | [[unsniff:samples:tcpports:ruby|tcpports.rb]] | [[unsniff:samples:tcpports:vbs|tcpports.vbs]] |
| Print all TCP port pairs in a capture file (alternate version using the Find method) | - | [[unsniff:samples:tcpports2:vbs|tcpports2.vbs]] |
| Identify TCP/IP servers. Print the busiest servers by total bytes and connections. | [[unsniff:samples:busyserver:ruby|busyserver.rb]] | - |

===== Category: Advanced =====

Some moderately large tools written in Ruby (with Fox-Ruby user interfaces).

^ Purpose ^ Ruby, VBScript ^
| IAX2 Call Analysis [Article] \\ This tool is an offline IAX2 call analysis script. Run it on an IAX2 (Asterisk) \\ capture to study the QoS of each call in the file. It can do call bandwidth, jitter, \\ inter-arrival delay, loss, and IAX2 event analysis. | Ruby ([[unsniff:samples:iax2ana:ruby|iax2ana.rb]]) |
| Packet Length Analysis [Article] \\ This tool draws a bar chart showing the packet length distribution in a capture file. | Ruby ([[unsniff:samples:lendist:ruby|lendist.rb]]) |
| UnleashCharts charting library \\ An open source Ruby charting library project started by Unleash Networks. | Ruby ([[unsniff:samples:UnleashCharts:ruby|UnleashCharts.rb]]) |
| Traffic Monitor [Article] \\ Draws a graph showing traffic (in bps) observed over time in a capture file. | Ruby ([[unsniff:samples:trafmon:ruby|trafmon.rb]]) |
| TCP Analysis [Article] \\ A comprehensive TCP analysis tool with over 6 charts. Includes detection of retransmissions, duplicate ACKs, \\ out-of-order segments, round trip time, and congestion analysis. | Ruby ([[unsniff:samples:anastm:ruby|anastm.rb]]) |