The Visual Breakout
"Say goodbye to raw hex dumps and navigation trees"
The visual breakout is one of the key innovations in Unsniff. This type of layout is quite common in textbooks, protocol design guides, RFCs, teaching aids, and protocol specifications. Despite its widespread use, there is no network analyzer which can produce this representation. Unsniff is the first network analyzer which can draw these diagrams on the fly for all protocols. No more wading through hard-to-understand tree views or raw hex dumps. Any plugins written by you using the Unsniff API will automatically avail of all the features of Unsniff, including the visual breakout.
Special Note: Instructors of Networking Courses - you will be amazed how much the Visual Breakout cuts the communication gap between you and your students.
Visual Breakout Areas
The visual layout consists of these areas (see image shown below)
Key Features of The Visual Breakout
Things you can do with the Visual Breakout
- How can I collapse a breakout ?
- How can I display bubble help ?
- Why is bubble help not appearing for field "xyz" ?
- How can I adjust the layout of the visual breakout ?
- How can I use the ASCII art diagram ?
- Can I change the Bubble Help text ?
- How can I customize the appearance of the visual breakout ?
Why Unsniff ?
Unsniff Network Analyzer offers multi layer monitoring with deep content awareness right out of the box. The unique advantages of Unsniff are :
- Multi layer monitoring - flows, PDUs as top level objects
- Advanced NFAT (Network Forensics) abilities
- Scriptable for automation
- Fast native Windows UI w/ new visualization
- USNF format instantly opens huge capture files
- Advanced TLS decryption and analysis (incl TLS1.2 AEAD)
Scriptable : Automate your analysis
Unsniff exposes all entities as scriptable objects, including Packets, Flows, PDUs, and User Objects. Write tiny but powerful scripts to automate the most tedious processes. Some use cases:
- Automatically extract all images greater than 200K into a directory
- Save each VOIP call as a separate .WAV file
- Save the first 100K of each TCP flow
- Reassemble and save in and out directions of each flow with a custom naming scheme
- Import from Wireshark, apply custom filters, then export back into Wireshark
- Pretty much anything you can do manually can be automated
Not just packets : PDUs , flows , and content too
Network flows are TCP streams. Each flow is treated as a top level object in Unsniff. You are presented with a list of flows in addition to packets and you can choose to work on flows as a unit instead of per packet.
Protocol Data Units (PDUs) are reassembled messages that are extracted from raw packets. Unsniff lets you see these messages instead of just packets. For example, you can view and monitor SSL/TLS Records instead of fragments of packets. Unsniff supports SNMP, LDAP, TLS, and other PDUs.
User Objects are extracted content, such as images, emails, files, video, and audio. The Unsniff User Objects Sheet allows you to work with them for forensics and investigative purposes. Most use cases are covered.
User Objects : Advanced Forensics and reconstruction
Unsniff has top-notch, deep network forensics analysis (NFAT) capabilities. All objects are extracted and shown in the User Objects sheet. A subset of what is supported:
- HTTP : Full page reconstruction, images, POST messages, all CSS/JS, video, flash, and every kind of content can be extracted
- Deep Keyword Search : Search in content
- Email SMTP, POP3, IMAP, FTP files, SMB files
- Yahoo! Chat, MSN Chat, AOL Chat
- Yahoo! / MSN Voice chat.
- Google video chat - incl support for VP8 video/SPEEX audio codec
- SIP/RTP/H.323/IAX2 - VOIP calls - incl all major codecs
- Youtube reconstruction