The layer object represents a protocol layer within a packet. For example an HTTP packet may have “Ethernet” , “IP”, “TCP”, “HTTP” layers. These are modeled using the Layer object
Name | Type | Access | Description |
---|---|---|---|
Name | String | Read | The name of the layer. This is usually the short name of the protocol. |
ProtID | String | Read | The GUID of the protocol layer. The GUID is returned as a string in Registry format. You may recall that in the Unsniff plugin architecture each protocol must be assigned a unique GUID. |
Size | Long | Read | The number of bytes in this layer. |
Fields | Collection | Read | Get all the fields contained in this layer. This is a collection. For example: In the Ethernet layer: you may have the “Dest MAC,”Src MAC”, “Ethertype” fields. This is your main method to drilldown to field level details from a packet. |
Name | Parameters | Description |
---|---|---|
FindField | FieldName(String) | Find a field in this layer using a field name.The field name must be as it appears in Unsniff. This method returns the first field that matches the name.All sub fields are searched for a match. Example: Set IpSrc = iplayer.FindField(“Src Address”)
Set Fbit = iax.FindField(“>FULL FRAME>Source Call Number>F”) You can also use the notation to select the nth instance of a field. To select the IP Address field in the 2nd occurance of the Address Record Set IP2 = arplayer.FindField(">Address Record[1]>IP Address") |
RawData | String | A hex dump of bytes in this layer only |