At the top of the Unsniff food chain is the user object. This can be anything that is of great interest to the network analysis professional. You can write plugins to extract any type of user object from bserved traffic. Using the Unsniff Scripting API you can automate all aspects of user objects.
Some examples:
| Name | Type | Access | Description |
|---|---|---|---|
| ID | Long | Read | Each user object is assigned a unique ID by Unsniff |
| IID | String | Read | The GUID of the user object type. Each user object type must have a unique GUID. The GUID string is in registry format |
| Name | String | Read | The user object full name. |
| Type | String | Read | The user object type. This is defined by the author of the user object type. Typically this type identifies the user object type. Examples: Image, HTML, RTP Media, File,etc |
| Description | String | Read/Write | |
| PreferredFileName | String | Read/Write | Some Unsniff Plugins are very smart. They can figure out the most appropriate name for a user object based on the context in which it was created. For example: The preferred filename of a image transferred via HTML is that of the corresponding GET request. You can change this name if you want based on your analysis. |
| SenderAddress | String | Read | The network address of the Sender of this User Object. This is a network name if this address has been resolved to a name |
| ReceiverAddress | String | Read | The network address of the Receiver of this User Object. This is a network name if this address has been resolved to a name. |
| StreamID | Long | Read | If this User Object was extracted from a stream. This contains the Stream ID. For user objects not associated with a stream -1 is returned |
| StreamSeekPos | Long | Read | If this User Object was extracted from a stream. This contains the Stream Seek Position. For user objects not associated with a stream -1 is returned |
| StreamDirection | String | Read | If this User Object was extracted from a stream. This contains the direction (“in” or “out”). For user objects not associated with a stream a null string is returned |
| Length | Long | Read | The size in bytes of this user object. |
| HasError | Boolean | Read | Does this user object have an error. Typical errors are when user objects are not completed. You may want to check this property before proceeding to do too much with a given user object. |
| State | String | Read | The state of the user object. |
| CreateTimestamp | String | Read |
| Name | Parameters | Description |
|---|---|---|
| SaveToFile | FileName (String) | Save the user object to a file. FileName: Can be a pathname or a relative filename |
| HasPattern | Pattern string | Check if the pattern appears in the reconstructed user object |