Table of Contents

Unsniff.Database

Description

Represents a capture file. You must first create this object and then use this to open an existing capture file or create a new capture file. You can then use the methods and properties provided by this object to navigate to other interesting parts of the capture file. The Unsniff.Database is the only object that can be publicly created via its ProgID.

Properties

NameTypeAccessDescription
PacketCountLongReadThe number of packets currently present in the capture database.
PDUCountLongReadThe number of PDUs currently present in the capture database.
PacketIndexCollectionReadA collection of Packet objects.
PDUIndexCollectionReadA collection of PDUs.
StreamIndexCollectionReadA collection of Streams. Each stream represents a TCP/IP session.
UserObjectsIndexCollectionReadA collection of User Objects. Examples of user objects are images, HTML, audio, RTP media, files, etc.

Methods

NameParametersDescription
Open Filename (String) Opens the capture file identified by the filename parameter for read-write access. The filename can be a full pathname or a relative filename. You can also open the file explicitly for readonly or readwrite access using the OpenForRead and OpenForWrite methods.
OpenForReadFilename (String)Opens the capture file identified by the filename for read only. Use this method if you are just analyzing a capture file and not trying to change its contents.
OpenForWriteFilename (String)Open the capture file for read-write access. Use this method if you want to change the contents of the capture file in any way.
This call will return an error if the capture file is already opened in the main Unsniff application. Try OpenForRead or close the capture file in Unsniff while your script is running
NewFilename (String)Creates a new capture file with the given filename. The filename can be a full pathname or a relative filename.
CloseNoneClose the file. The file must be currently open via the Open or New methods. All changes made to a file opened with write access are saved.
BeginExportFilename (String)
Type (String)
Open an export file with the given name and type. Currently the only type supported is“libpcap”.
To export an entire file:
Use the Export() method
To selectively export packets:
Call BeginExport(), followed by a bunch of ExportXXX() calls, then with an EndExport()
ExportPacket PacketExport this packet to the export file currently opened via BeginExport()
ExportStream StreamExport the entire stream (e.g. TCP/IP session) to the export file currently opened via BeginExport()
EndExportNoneClose the export file previously opened via BeginExport()
ExportType(String)
Filename (String)
Export all the packets in this capture file to the given file. The desired export format is specified in the Type parameter.
Currently the only Type supported is “libpcap”
ImportType(String)
Filename (String)
Import all the packets in a capture file in another format into this file. You must already a USNF file open into which you want to import.
Type must be set to “libpcap”
Sample
UDB = WIN32OLE.CreateObject(“Unsniff.Database”)
UDB.Open(“mycap.usnf”)
UDB.Import(“test1.pcap”, “libpcap”) ''
AddPacketPacketAdd the given Packet to this capture file. This packet could be from another capture file that is currently open.
AddStreamStreamAdd the given Stream to this capture file. The stream could be from another capture file that is currently open.