prpduidx.rb
#----------------------------------------------------------
# prpduidx.rb -  Print all the PDUs in the capture file
#
#  usage: prpduidx <capture-filename>
#
#---------------------------------------------------------
require 'win32ole'
 
USAGE = "prpduidx <capture-filename>"
 
if ARGV.length != 1
	puts USAGE
	exit 1
end
 
UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.Open(ARGV[0])
PDUIndex = UnsniffDB.PDUIndex
(0..PDUIndex.Count-1).each  do |idx|
	pdu = PDUIndex.Item(idx)
 
	print "#{pdu.ID}\t#{pdu.Timestamp}\t#{pdu.Length}\t"
	print "#{pdu.Name}\t#{pdu.Description}\n"
 
end
 
UnsniffDB.Close

Sample run

C:\Users\Vivek\Documents\devbo\us\certxtract>ruby xcert.rb somecerts.usnf
1       04-05-2012 13:00:27-755654      170     TLS     Handshake: Client Hello TLS 1.0, prefer cipher Unknown, + 72 others C --> S
2       04-05-2012 13:00:28-073220      170     TLS     Handshake: Client Hello TLS 1.0, prefer cipher Unknown, + 72 others C --> S
3       04-05-2012 13:00:28-100976      79      TLS     Handshake: Server Hello TLS 1.0, select cipher TLS_RSA_WITH_RC4_128_SHA, sess AF9107D0... S --> C
4       04-05-2012 13:00:28-100976      1649    TLS     Handshake: Server Certificate S --> C
5       04-05-2012 13:00:28-102432      9       TLS     Handshake: Server Hello Done S --> C
6       04-05-2012 13:00:28-109130      267     TLS     Handshake: Client Key Exchange C --> S
7       04-05-2012 13:00:28-109130      6       TLS     Change Cipher Spec C --> S
8       04-05-2012 13:00:28-109130      41      TLS     Handshake: Encrypted Message C --> S
9       04-05-2012 13:00:28-433063      79      TLS     Handshake: Server Hello TLS 1.0, select cipher TLS_RSA_WITH_RC4_128_SHA, sess AF9107D0... S --> C
10      04-05-2012 13:00:28-433063      1649    TLS     Handshake: Server Certificate S --> C
11      04-05-2012 13:00:28-433169      9       TLS     Handshake: Server Hello Done S --> C
12      04-05-2012 13:00:28-460233      6       TLS     Change Cipher Spec S --> C
13      04-05-2012 13:00:28-460233      41      TLS     Handshake: Encrypted Message S --> C
14      04-05-2012 13:00:28-438319      115     DATA    POST:evsecure-ocsp.verisign.com/
15      04-05-2012 13:00:28-638868      1727    DATA    Response: evsecure-ocsp.verisign.com/
16      04-05-2012 13:00:29-119295      309     TLS     Handshake: Application Data [x.!..y..i.E.-[..] C --> S
17      04-05-2012 13:00:28-849350      115     DATA    POST:evsecure-ocsp.verisign.com/
unsniff/samples/prpduidx/ruby.txt · Last modified: 2014/09/11 23:23 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki