# --------------------------------------------------------- # bookanno.rb # Usage : bookanno <filename> # # Demostrates bookmark and annotations # Bookmark all packets > 1000 bytes # Annotate all packets > 500 bytes as "medium sized" # # Part of Unsniff Developers API # --------------------------------------------------------- require 'win32ole' USAGE = "bookanno <capture-filename>" if ARGV.length != 1 puts USAGE exit 1 end InputFile = ARGV[0] UnsniffDB = WIN32OLE.new("Unsniff.Database") UnsniffDB.Open(InputFile) Count = UnsniffDB.PacketCount nBookmarked = nAnnotated =0 PacketStore = UnsniffDB['PacketIndex'] (0..Count-1).each { |idx| packet = PacketStore.Item(idx) if packet.Length > 1000 packet.IsBookmarked = true nBookmarked += 1 elsif packet.length > 500 packet.Annotation = "Medium Sized Packet" nAnnotated += 1 end } print "Bookmarked #{nBookmarked} , Annotated #{nAnnotated} packets" UnsniffDB.Save