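#----------------------------------------------------------
# prpduidx.rb - Print all the PDUs in the capture file
#
# usage: prpduidx <capture-filename>
#
# Opens the capture through the Unsniff.Database COM object and
# prints one tab-separated line per PDU:
#   ID, Timestamp, Length, Name, Description
#
# NOTE(review): Name and Description are derived from captured
# (untrusted) traffic and are printed as-is. Presumably Unsniff
# already renders non-printable bytes as '.', but confirm that
# before feeding this output to a terminal or a downstream parser.
#---------------------------------------------------------
require 'win32ole'

USAGE = "prpduidx <capture-filename>"

# Exactly one argument is expected: the capture file to open.
if ARGV.length != 1
  puts USAGE
  exit 1
end

UnsniffDB = WIN32OLE.new("Unsniff.Database")

# Tracks whether Open succeeded, so the ensure clause never calls
# Close on a database that was not opened.
db_opened = false

begin
  UnsniffDB.Open(ARGV[0])
  db_opened = true

  PDUIndex = UnsniffDB.PDUIndex

  # Item() is addressed with zero-based indexes 0 .. Count-1.
  PDUIndex.Count.times do |idx|
    pdu = PDUIndex.Item(idx)
    print "#{pdu.ID}\t#{pdu.Timestamp}\t#{pdu.Length}\t"
    print "#{pdu.Name}\t#{pdu.Description}\n"
  end
ensure
  # Release the capture file even if a COM call raised midway
  # (for example on a truncated or malformed capture).
  UnsniffDB.Close if db_opened
end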
Sample run
C:\Users\Vivek\Documents\devbo\us\certxtract>ruby xcert.rb somecerts.usnf
1 04-05-2012 13:00:27-755654 170 TLS Handshake: Client Hello TLS 1.0, prefer cipher Unknown, + 72 others C --> S
2 04-05-2012 13:00:28-073220 170 TLS Handshake: Client Hello TLS 1.0, prefer cipher Unknown, + 72 others C --> S
3 04-05-2012 13:00:28-100976 79 TLS Handshake: Server Hello TLS 1.0, select cipher TLS_RSA_WITH_RC4_128_SHA, sess AF9107D0... S --> C
4 04-05-2012 13:00:28-100976 1649 TLS Handshake: Server Certificate S --> C
5 04-05-2012 13:00:28-102432 9 TLS Handshake: Server Hello Done S --> C
6 04-05-2012 13:00:28-109130 267 TLS Handshake: Client Key Exchange C --> S
7 04-05-2012 13:00:28-109130 6 TLS Change Cipher Spec C --> S
8 04-05-2012 13:00:28-109130 41 TLS Handshake: Encrypted Message C --> S
9 04-05-2012 13:00:28-433063 79 TLS Handshake: Server Hello TLS 1.0, select cipher TLS_RSA_WITH_RC4_128_SHA, sess AF9107D0... S --> C
10 04-05-2012 13:00:28-433063 1649 TLS Handshake: Server Certificate S --> C
11 04-05-2012 13:00:28-433169 9 TLS Handshake: Server Hello Done S --> C
12 04-05-2012 13:00:28-460233 6 TLS Change Cipher Spec S --> C
13 04-05-2012 13:00:28-460233 41 TLS Handshake: Encrypted Message S --> C
14 04-05-2012 13:00:28-438319 115 DATA POST:evsecure-ocsp.verisign.com/
15 04-05-2012 13:00:28-638868 1727 DATA Response: evsecure-ocsp.verisign.com/
16 04-05-2012 13:00:29-119295 309 TLS Handshake: Application Data [x.!..y..i.E.-[..] C --> S
17 04-05-2012 13:00:28-849350 115 DATA POST:evsecure-ocsp.verisign.com/