Unsniff for Network Administration


Unsniff can help you troubleshoot like no other tool. Unsniff's stream analysis combined with its powerful scripting abilities enable you to write forensic analysis tools. The following groups will benefit from Unsniff Network Analyzer.
  • Security Analysts
  • Network Administrators
  • Field Personnel

Top features for network administrators

One-stop statistics

Unsniff Network Analyzer comes with powerful performance statistics capabilities built in. You can view the current top-N conversations for IP, Ethernet, and IPv6 hosts, and the current bandwidth in bytes/sec and packets/sec. We designed the Statistics window as a one-stop dashboard for the most frequently used reports.

Roll your own

For a network administrator, the main strength of Unsniff is its extensibility and scripting capabilities. Unsniff gives you the tools to roll your own administration tools. There are plenty of network and protocol analyzers, but they do not provide an environment for writing your own tools; you have to contact their "services department" to get even simple functionality included. For example: we recently talked to a talented web administrator who wanted his network analyzer to simply print out which countries were hitting which resources on one of his websites. A simple report of URL -> list of countries was all he needed. With Unsniff, he was able to write a short Ruby script to accomplish this. As a network administrator you will frequently encounter such situations; Unsniff lets you break free of canned reports and analysis. You can also mine captured data and perform security analysis.

Create your own reports

For users coming from tools that ship with many canned reports, it may seem that Unsniff lacks these reports. The reality is that most of those canned reports are hardly ever used and result in information overload. Unsniff can generate many such reports easily via its scripting interface. For example: packet length distribution, a traffic report, and advanced TCP analysis tools.

Unleash Networks would love to hear from you about your needs in the reporting area.




For more information about how Unsniff Network Analyzer can help with your particular usage scenario, contact us by email.

Why Unsniff ?

Unsniff Network Analyzer offers multi-layer monitoring with deep content awareness right out of the box. The unique advantages of Unsniff are:

  1. Multi layer monitoring - flows, PDUs as top level objects
  2. Advanced NFAT (Network Forensics) abilities
  3. Scriptable for automation
  4. Fast native Windows UI w/ new visualization
  5. USNF format instantly opens huge capture files
  6. Advanced TLS decryption and analysis (including TLS 1.2 AEAD cipher suites)

Unsniff can be a great complement to Wireshark, which is known for its legendary bit-level dissection abilities.

Scriptable : Automate your analysis

Unsniff exposes all entities as scriptable objects, including Packets, Flows, PDUs, and User Objects. Write tiny but powerful scripts to automate the most tedious processes. Some use cases:

  • Automatically extract all images greater than 200K into a directory
  • Save each VOIP call as a separate .WAV file
  • Save the first 100K of each TCP flow
  • Reassemble and save the in and out directions of each flow with a custom naming scheme
  • Import from Wireshark, apply custom filters, then export back into Wireshark
  • Pretty much anything you can do manually can be automated

Languages supported: VBScript and Ruby (via Win32OLE). Documentation is available at "Unsniff Scripting Guide Home", and VBScript and Ruby sample scripts are at "Script Samples".

Not just packets : PDUs , flows , and content too

Network flows are TCP streams. Each flow is treated as a top level object in Unsniff. You are presented with a list of flows in addition to packets and you can choose to work on flows as a unit instead of per packet.
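The flow-as-top-level-object idea described here, together with the scripting use cases from the previous section (save the first N bytes of each flow, reassemble the in and out directions separately, top-N conversations and bytes/sec from the Statistics window), is illustrated by the following added Ruby example. It is not Unsniff's code and does not use the Unsniff Win32OLE API; it works on a small constructed packet set so it runs offline, and the `Packet`, `Flow`, `build_flows`, `reassemble`, `flow_streams`, `top_conversations` and `bandwidth` names are this example's own.

```ruby
# Added example (not Unsniff's own API): treats TCP flows as top-level
# objects, reassembles each direction by sequence number, trims each
# stream to its first N bytes, and computes top-N conversations and
# bytes/sec buckets, all over a constructed packet set.
Packet = Struct.new(:ts, :src, :sport, :dst, :dport, :seq, :payload)
Flow   = Struct.new(:client, :server, :segments, :bytes, :first_ts, :last_ts)

# Constructed sample: an HTTP exchange whose response body arrives before
# the second header segment, and a second flow with a retransmitted and a
# missing segment. Payloads are plain text so the output is readable.
SAMPLE_PACKETS = [
  Packet.new(0.00, "10.0.0.5", 51000, "93.184.216.34", 80, 1000, "GET /index.html HTTP/1.1\r\n"),
  Packet.new(0.01, "10.0.0.5", 51000, "93.184.216.34", 80, 1026, "Host: example.com\r\n\r\n"),
  Packet.new(0.20, "93.184.216.34", 80, "10.0.0.5", 51000, 5000, "HTTP/1.1 200 OK\r\n"),
  Packet.new(0.21, "93.184.216.34", 80, "10.0.0.5", 51000, 5039, "<html>hello</html>"),
  Packet.new(0.22, "93.184.216.34", 80, "10.0.0.5", 51000, 5017, "Content-Length: 18\r\n\r\n"),
  Packet.new(1.10, "10.0.0.7", 52000, "198.51.100.9", 443, 100, "CLIENT-HELLO"),
  Packet.new(1.30, "198.51.100.9", 443, "10.0.0.7", 52000, 900, "SERVER-HELLO"),
  Packet.new(1.35, "10.0.0.7", 52000, "198.51.100.9", 443, 120, "FINISHED"),   # bytes 112..119 never captured
  Packet.new(1.40, "10.0.0.7", 52000, "198.51.100.9", 443, 100, "CLIENT-HELLO"), # retransmission
].freeze

# Both directions of a TCP conversation share one key (the unordered
# endpoint pair), so request and response land in the same flow.
def flow_key(p)
  [[p.src, p.sport], [p.dst, p.dport]].sort
end

# Group packets into flows. The first packet seen for a key defines the
# client ("out" direction); everything else is "in".
def build_flows(packets)
  flows = {}
  packets.sort_by(&:ts).each do |p|
    f = flows[flow_key(p)] ||= Flow.new([p.src, p.sport], [p.dst, p.dport], { out: [], in: [] }, 0, p.ts, p.ts)
    dir = [p.src, p.sport] == f.client ? :out : :in
    f.segments[dir] << p
    f.bytes += p.payload.bytesize   # bytes as seen on the wire, retransmissions included
    f.last_ts = p.ts
  end
  flows.values
end

# Reassemble one direction: order by sequence number, drop retransmitted
# bytes, and count bytes that were never captured (gaps) instead of
# silently concatenating across them.
def reassemble(segments)
  return ["", 0] if segments.empty?
  expected = segments.map(&:seq).min
  data = +""
  gap_bytes = 0
  segments.sort_by(&:seq).each do |s|
    if s.seq > expected
      gap_bytes += s.seq - expected
      expected = s.seq
    end
    skip = expected - s.seq                 # overlap with bytes already emitted
    next if skip >= s.payload.bytesize      # pure retransmission, nothing new
    data << s.payload.byteslice(skip..-1)
    expected = s.seq + s.payload.bytesize
  end
  [data, gap_bytes]
end

# "Save the first N bytes of each direction": returns {dir => [data, gap_bytes]}.
def flow_streams(flow, limit: 100 * 1024)
  flow.segments.transform_values do |segs|
    data, gaps = reassemble(segs)
    [data.byteslice(0, limit), gaps]
  end
end

# Top-N conversations by bytes, as [client, server, bytes].
def top_conversations(flows, n = 10)
  flows.sort_by { |f| -f.bytes }.first(n).map { |f| [f.client.join(":"), f.server.join(":"), f.bytes] }
end

# Bytes/sec and packets/sec in fixed buckets: {bucket_index => {bytes:, packets:}}.
def bandwidth(packets, bucket_secs = 1.0)
  packets.each_with_object(Hash.new { |h, k| h[k] = { bytes: 0, packets: 0 } }) do |p, acc|
    b = acc[(p.ts / bucket_secs).floor]
    b[:bytes] += p.payload.bytesize
    b[:packets] += 1
  end
end

if __FILE__ == $PROGRAM_NAME
  flows = build_flows(SAMPLE_PACKETS)
  top_conversations(flows).each { |c, s, b| puts "#{c} <-> #{s}: #{b} bytes" }
  flows.each do |f|
    flow_streams(f, limit: 64).each do |dir, (data, gaps)|
      puts "#{f.client.join(':')} #{dir}: #{data.inspect} (#{gaps} bytes missing)"
    end
  end
  bandwidth(SAMPLE_PACKETS).sort.each { |t, v| puts "t=#{t}s #{v[:bytes]} B #{v[:packets]} pkts" }
end
```

The gap counter is the part worth keeping in any real flow-dumping script: when a capture drops a segment, concatenating the remaining bytes silently produces a stream that looks complete but is not, and a report built on it (file sizes, keyword hits, extracted objects) is then wrong without anyone noticing.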

Protocol Data Units (PDUs) are reassembled messages extracted from raw packets. Unsniff lets you see these messages instead of just packets. For example, you can view and monitor SSL/TLS records instead of the packet fragments that carry them. Unsniff supports SNMP, LDAP, TLS, and other PDUs.

User Objects are extracted content, such as images, emails, files, video, and audio. The Unsniff User Objects sheet lets you work with them for forensics and investigative purposes. Most use cases are covered.

User Objects : Advanced Forensics and reconstruction

Unsniff has top-notch, deep network forensics analysis (NFAT) capabilities. All objects are extracted and shown in the User Objects sheet. A subset of what is supported:

  • HTTP : Full page reconstruction, images, POST messages, all CSS/JS, video, flash, and every kind of content can be extracted
  • Deep Keyword Search : Search in content
  • Email over SMTP, POP3 and IMAP; files transferred over FTP and SMB
  • Yahoo! Chat, MSN Chat, AOL Chat
  • Yahoo! / MSN Voice chat.
  • Google video chat - incl support for VP8 video/SPEEX audio codec
  • SIP/RTP/H.323/IAX2 - VOIP calls - incl all major codecs
  • YouTube reconstruction
All of the above can be automated. Unsniff's internal format USNF stores these objects natively for maximum performance.
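As an added example of the PDU and User Object ideas from the sections above (a reassembled stream split into application messages, each body stored as an extracted object with its content type, and a keyword search over the extracted content), here is a small Ruby script. It is not Unsniff's code and does not use the Unsniff API; it parses a constructed server-to-client HTTP stream, frames responses by Content-Length only (chunked encoding is deliberately out of scope), and the `Response`, `UserObject`, `parse_responses`, `extract_user_objects` and `keyword_search` names are this example's own.

```ruby
# Added example (not Unsniff's own code): splits a reassembled HTTP
# server-to-client stream into response PDUs, turns each body into a
# "user object" record (content type, size, a stable name) and runs a
# binary-safe keyword search over the extracted content.
require "digest"

Response   = Struct.new(:status, :headers, :body)
UserObject = Struct.new(:name, :content_type, :size, :data)

# Constructed sample: one reassembled stream carrying three responses
# (an HTML page, a tiny PNG header, and a 404). Kept as a binary string
# because extracted content is not text in general.
SAMPLE_STREAM = [
  "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 40\r\n\r\n",
  "<html><body>Welcome, agent</body></html>",
  "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: 8\r\n\r\n",
  "\x89PNG\r\n\x1a\n",
  "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\nContent-Length: 9\r\n\r\n",
  "Not found",
].map(&:b).join.freeze

# Walk the stream: the header block ends at the first CRLFCRLF and the body
# length comes from Content-Length. Stops, and reports how many bytes are
# left unparsed, when a message is incomplete rather than guessing at the
# boundary (a truncated capture must not yield a bogus "complete" object).
def parse_responses(stream)
  responses = []
  pos = 0
  while (hdr_end = stream.index("\r\n\r\n", pos))
    head = stream.byteslice(pos...hdr_end)
    status_line, *header_lines = head.split("\r\n")
    headers = header_lines.to_h { |l| k, v = l.split(":", 2); [k.strip.downcase, v.to_s.strip] }
    length = headers.fetch("content-length", "0").to_i
    body_start = hdr_end + 4
    break if body_start + length > stream.bytesize   # body not fully captured
    status = status_line.split(" ", 3)[1].to_i
    responses << Response.new(status, headers, stream.byteslice(body_start, length))
    pos = body_start + length
  end
  [responses, stream.bytesize - pos]
end

EXTENSIONS = { "text/html" => "html", "image/png" => "png", "text/plain" => "txt" }.freeze

# One user object per non-empty body. The name embeds a content hash so
# the same object extracted twice gets the same name.
def extract_user_objects(responses)
  responses.each_with_index.filter_map do |r, i|
    next if r.body.empty?
    ctype = r.headers.fetch("content-type", "application/octet-stream")
    name = format("obj%03d_%s.%s", i, Digest::SHA256.hexdigest(r.body)[0, 8], EXTENSIONS.fetch(ctype, "bin"))
    UserObject.new(name, ctype, r.body.bytesize, r.body)
  end
end

# Deep keyword search over extracted content: case-insensitive, works on
# binary bodies, returns the names of matching objects.
def keyword_search(objects, keyword)
  pattern = Regexp.new(Regexp.escape(keyword.b), Regexp::IGNORECASE)
  objects.select { |o| o.data.b.match?(pattern) }.map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  responses, leftover = parse_responses(SAMPLE_STREAM)
  objects = extract_user_objects(responses)
  objects.each { |o| puts "#{o.name}  #{o.content_type}  #{o.size} bytes" }
  puts "unparsed trailing bytes: #{leftover}"
  puts "objects containing 'agent': #{keyword_search(objects, 'agent').inspect}"
end
```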