
Layer

Description

The Layer object represents a protocol layer within a packet. For example, an HTTP packet may have "Ethernet", "IP", "TCP", and "HTTP" layers. These are modeled using the Layer object.

| Name | Type | Access | Description |
|---|---|---|---|
| Name | String | Read | The name of the layer. This is usually the short name of the protocol. |
| ProtID | String | Read | The GUID of the protocol layer. The GUID is returned as a string in Registry format. You may recall that in the Unsniff plugin architecture each protocol must be assigned a unique GUID. |
| Size | Long | Read | The number of bytes in this layer. |
| Fields | Collection | Read | Get all the fields contained in this layer. This is a collection. For example, in the Ethernet layer you may have the "Dest MAC", "Src MAC", and "Ethertype" fields. This is your main method to drill down to field level details from a packet. |

Methods

| Name | Parameters | Description |
|---|---|---|
| FindField | FieldName (String) | Find a field in this layer using a field name. The field name must be as it appears in Unsniff. This method returns the first field that matches the name. All sub fields are searched for a match. |
| RawData | String | A hex dump of bytes in this layer only. |

FindField example:

    Set IpSrc = iplayer.FindField("Src Address")

FindField also allows you to specifically search fields within records using a special notation. Notation: ">Group 1>Sub Group 2>MyField". There is no limit on the number of groups that can be nested this way. When you use this notation, FindField will search "Group 1" for a field named "Sub Group 2", then search "Sub Group 2" for a field named "MyField". Use this notation to disambiguate duplicate field names or to cut down on exhaustive searches.

Example:

    Set Fbit = iax.FindField(">FULL FRAME>Source Call Number>F")

You can also use the notation to select the nth instance of a field. To select the IP Address field in the 2nd occurrence of the Address Record (note that the index [1] selects the 2nd occurrence):

    Set IP2 = arplayer.FindField(">Address Record[1]>IP Address")
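
The FindField lookup rules described above, modeled in Ruby as an added example (this is not Unsniff's code and not part of the original documentation). The field tree, the `find_field` and `value_of` helpers, the direct-children search per path step, and the nil result on a miss are assumptions made for illustration; the point is that a plain name returns the first instance when field names repeat, which an analysis script can silently mistake for the one it wanted.

```ruby
# Added model of the FindField lookup rules; not Unsniff's implementation.
Field = Struct.new(:name, :value, :subfields)

# Plain name: depth-first search, sub fields included, first match wins.
def find_by_name(fields, name)
  fields.each do |f|
    return f if f.name == name
    hit = find_by_name(f.subfields || [], name)
    return hit if hit
  end
  nil
end

# ">A>B[1]>C": each step is searched only inside the previous step's match
# (assumption: direct children). "[n]" is zero-based, matching the page's
# "[1]" = 2nd occurrence example. Returns nil when any step is missing.
def find_field(fields, spec)
  return find_by_name(fields, spec) unless spec.start_with?(">")
  current = nil
  scope = fields
  spec.split(">").drop(1).each do |step|
    m = step.strip.match(/\A(.+?)(?:\[(\d+)\])?\z/)
    return nil unless m
    current = scope.select { |f| f.name == m[1].strip }[(m[2] || 0).to_i]
    return nil if current.nil?
    scope = current.subfields || []
  end
  current
end

# Constructed sample layer: two records reuse the same field names.
LAYER = [
  Field.new("Opcode", "1"),
  Field.new("Address Record", nil, [
    Field.new("MAC Address", "00:00:5e:00:53:01"),
    Field.new("IP Address", "192.0.2.10")]),
  Field.new("Address Record", nil, [
    Field.new("MAC Address", "00:00:5e:00:53:02"),
    Field.new("IP Address", "192.0.2.20")]),
]

# Look up a spec in the sample layer and return its value, or nil on a miss.
def value_of(spec)
  f = find_field(LAYER, spec)
  f && f.value
end
```

In a real script, check the result of a path lookup before reading it, since a record that is absent from a given packet leaves nothing to dereference.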