Advantages
The Unsniff "Unfair" Advantage

Unsniff is designed from the ground up with ease of use, new visualizations, advanced analysis, and extensibility in mind. You will find that Unsniff empowers you to analyze deeper and more easily.

By Feature

New Visualizations
Easy on your eyes and brain

What others offer: Network protocol analysis has so far been about reading hex dumps with the help of a text tree. The text tree is used to navigate the hex dump. As fields are selected from the tree, the corresponding hex bytes are highlighted. We found that this scheme is inherently painful and requires a two-level correlation between the tree and the raw view. In addition, this scheme is useless in printed form or when embedded in another document.

The Unsniff Advantage: Based on our experiences with leading network equipment vendors and educational institutions, we found that network protocols were both taught and designed using a graphical approach. Never once did we see anyone use a tree + raw approach to develop or teach network protocols. Unleash Networks decided to use this as a basis for its new visualization scheme. Unsniff introduces the enhanced, interactive packet frame view (called a Visual Breakout), a first in the network analyzer world.

PDUs
Beyond plain link layer analysis

What others offer: All network analysis tools in the market today offer only link layer (the lowest non-physical layer) packet analysis. Network protocols are layered: a top layer usually depends on some functionality provided by the lower layers. If you only perform link layer packet analysis, you cannot see the right picture from the upper layers. Upper layer protocols usually communicate in terms of protocol data units (PDUs), which have little or no respect for packet boundaries. For example: if you have a 5000+ byte LDAP PDU carried over 5 Ethernet packets, it will be almost impossible for you to meaningfully analyze this PDU by just looking at Ethernet packets. If your network is experiencing packet loss, your agony is much greater.

The Unsniff Advantage: Unsniff is the first and only network analyzer to monitor PDUs as a first class entity (just like link layer packets). If you work with stream based protocols, you will at last have never-before-seen visibility into PDUs.

Streams
Full stream analysis

A stream represents connection oriented data such as TCP/IP sessions. A typical traffic profile of a network will consist of hundreds of independent "streams" of data. If you want to analyze this data, your first task is to identify the stream you want to look at. This can be a bewildering experience if you are working with a busy network.

What others offer: Most network analyzers today offer a feature known as "go to stream". To use this feature, you typically select a link layer packet, then select "go to stream" from a menu. This is a bottom-up approach that rarely works well, because it is rather difficult to select a link layer packet without any high-level visibility into streams.

The Unsniff Advantage: Unsniff is the first and only network analyzer to monitor streams in real time. Streams (like link layer packets and PDUs) are first class entities in Unsniff. This makes your task of identifying your stream of interest really easy: you just have to pick your stream from a list. This top-down approach will save you hours.

Network User Objects
Monitor higher level objects

Unsniff is the first network analyzer to introduce this concept. For some users, the most interesting thing on the network is not packets, or PDUs, or streams, but rather some other higher level object such as HTML pages served, Flash content, quality of RTP audio, files transferred using FTP or SMB, etc. This can be useful for web developers, security administrators, or just curious users.

Wizards
You don't have to memorize a difficult syntax or field names

Capture filters are used to cut down the number of packets by dropping unwanted packets at a very low level. Display filters are used in a variety of ways to match various field level criteria.

What others offer: Most network analyzers support filtering at both the capture level and the display level. At the capture filter level, many use the excellent mechanisms offered by the BPF (Berkeley Packet Filter) library. Some analyzers offer rudimentary help at these levels, but not enough for complex expressions. The biggest drawback is usually the need to remember the syntax of the BPF capture filter or, even worse, to remember field names while constructing display filters. You need to have access to documentation to look up names on the side.

The Unsniff Advantage: Unsniff features two wizards dedicated to filters. The Capture filter wizard allows you to construct complex BPF expressions in a snap. The Display filter wizard is really powerful: you can specify field matching expressions in a simple way without having to remember or look up field names or types.

Roll your own
You now have the power to write your own analysis tools

Today, it is tough being a talented network analysis professional. There are plenty of network / protocol analyzers, but they do not provide you with an environment to write your own tools. You have to contact their "services department" to get them to include simple functionality. For example: recently we talked to a talented web network administrator who wanted his network analyzer to simply print out which countries were hitting what resources on one of his websites. A simple report of URL -> list of countries was all he needed. With Unsniff, he was able to write a simple script in Ruby to accomplish this.

The Current State: We do not know of any network or protocol analyzer that offers a scripting or extensible environment. You have to depend on "canned" reports (such as Top-10 talkers, by protocol, packet size, etc.). These canned statistics are cute and all, but usually fall way short of what you want to do in your particular network.

The Unsniff Advantage: Unsniff provides you with a complete scripting environment. You can script the user interface or write command line scripts that work with capture files directly. You will be surprised how productive you can be.

Extend it
Custom protocols or entire user interfaces

Does your company have a proprietary protocol? Is the protocol you need not supported in Unsniff? Do you want additional features? Unsniff already supports 40+ protocols we think are widely used. We are adding new ones at a rapid rate, and you can access them free of cost. There will still be cases where you want to write your own protocol handlers.

The Unsniff Advantage: Unsniff provides you with a powerful API to write your own plugins. In addition to protocol handlers, you can also write custom name resolvers, user interfaces, eavesdroppers and more.