Unsniff sample scripts in Ruby and VBScript

Ready-to-run sample scripts. Copy the one closest to your needs and expand on it. We would greatly appreciate it if you shared your own scripts here.

Category: Beginning

Start exploring the Unsniff scripting API, getting familiar with various objects and methods.

Purpose | Ruby | VBScript
Print the number of packets in a capture file | tcount.rb | tcount.vbs
Bookmark and annotation demo: if packet length > 500 but < 1000, annotate the packet "Medium Sized Packet"; if packet length > 1000, annotate it "Large Sized Packet" | bookanno.rb | bookanno.vbs
Print all the fields in a given PDU | pdudrill.rb | pdudrill.vbs
Copy selected packets from Unsniff capture file-1 to file-2 | pktcopy.rb | pktcopy.vbs
Print all fields in all protocol layers of a given packet | prdrill.rb | prdrill.vbs
Print all protocol layers in a given packet | prlayer.rb | prlayer.vbs
Print a list of all PDUs in a capture file | prpduidx.rb | prpduidx.vbs
Print a list of all packets in a capture file | prpidx.rb | prpidx.vbs
Print a list of user objects in a capture file | prpuo.rb | prpuo.vbs
Print a list of streams (TCP sessions) in a capture file | prstmidx.rb | prstmidx.vbs
Print all occurrences of a given field in a capture file | qfield.rb | qfield.vbs
Save all user objects of a given type to a directory, using the preferred file name | saveuo.rb | saveuo.vbs

Category: Import/Export

Import and export between Unsniff *.USNF format and libpcap/tcpdump/Wireshark format. Learn how to selectively export entire flows, multiple packets and more.

Purpose | Ruby | VBScript
Display all the fields for a given packet and layer | dlayer.rb | dlayer.vbs
Batch-import several files in libpcap/tcpdump format into a single Unsniff capture file; wildcards may be used to match the libpcap files to import | batchimp.rb | batchimp.vbs
Export an entire Unsniff capture file to libpcap/tcpdump format | export1.rb | export1.vbs
Export a selected session (TCP/IP) to a libpcap/tcpdump file | export2.rb | export2.vbs
Export individual packets to a libpcap/tcpdump file | export3.rb | export3.vbs
Import a libpcap/tcpdump file into a new Unsniff capture file | import1.rb | import1.vbs
Import a tcpdump file, then for each TCP session in the file reassemble and dump each direction of traffic into a separate file (the script is called xs.vbs, "Xtract Sessions") | - | xs.vbs
Print the certificate chain for each SSL/TLS connection: scan the SSL records and print the full certificate chain for each connection, all the way up to the root CA | xcert.rb | -

Category: Protocol Specific

Scripts specific to a protocol or family of protocols (eg. TCP, IP, SSL). Learn how to navigate through protocol trees to find and process the information you want.

Purpose | Ruby | VBScript
Find out which HTTP servers set or received which cookies from browsers | - | prcookie.vbs
Print all segments in a stream (TCP session) | - | stmdrill.vbs
Print a count of packets in a capture file (alternate version) | - | tcount2.vbs
Print all TCP port pairs in a capture file | tcpports.rb | tcpports.vbs
Print all TCP port pairs in a capture file (alternate version using the Find method) | - | tcpports2.vbs
Identify TCP/IP servers and print the busiest servers by total bytes and by connection count | busyserver.rb | -
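The tcount, bookanno and tcpports entries above all describe the same pattern: walk every packet in a capture, look at its length or its TCP header, and count or annotate. The following is an added stand-alone example, not one of the catalogued scripts and not code from Unleash Networks: it reimplements those three tasks in plain Ruby over a libpcap file rather than through the Unsniff COM API, so it runs anywhere Ruby does. The capture it reads is constructed in memory (five synthetic frames, no checksums computed), and every function name in it is this example's own.

```ruby
require 'stringio'

# Pack a dotted-quad IPv4 address into 4 bytes.
def ip_bytes(dotted)
  dotted.split('.').map(&:to_i).pack('C4')
end

# Ethernet/IPv4/TCP frame with a zero-filled payload. Checksums are left at
# zero; this demo only parses headers, it never hands frames to a stack.
def tcp_frame(src, sport, dst, dport, payload_len)
  payload = "\x00".b * payload_len
  tcp = [sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0].pack('nnNNCCnnn') + payload
  ip  = [0x45, 0, 20 + tcp.bytesize, 0, 0, 64, 6, 0].pack('CCnnnCCn') + ip_bytes(src) + ip_bytes(dst)
  eth = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x0800].pack('C12n')
  eth + ip + tcp
end

# Ethernet/ARP request (42 bytes): a non-IP frame the TCP extractor must skip.
def arp_frame
  [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x0806].pack('C12n') +
    [1, 0x0800, 6, 4, 1].pack('nnCCn') + ("\x00".b * 20)
end

# Serialise frames as a little-endian libpcap file (magic 0xa1b2c3d4, Ethernet).
def build_pcap(frames)
  out = [0xa1b2c3d4, 2, 4, 0, 0, 65535, 1].pack('VvvVVVV')
  frames.each_with_index { |f, i| out << [i, 0, f.bytesize, f.bytesize].pack('VVVV') << f }
  out
end

# Parse libpcap bytes into [{len:, data:}]. Accepts both byte orders and the
# nanosecond magic, rejects non-Ethernet link types and truncated records.
def parse_pcap(data)
  io = StringIO.new(data)
  fmt = case io.read(4).unpack1('V')
        when 0xa1b2c3d4, 0xa1b23c4d then { u32: 'V', u16: 'v' }
        when 0xd4c3b2a1, 0x4d3cb2a1 then { u32: 'N', u16: 'n' }
        else raise 'not a libpcap file'
        end
  _vmaj, _vmin, _tz, _sig, _snap, linktype = io.read(20).unpack(fmt[:u16] * 2 + fmt[:u32] * 4)
  raise "unsupported link type #{linktype}" unless linktype == 1
  packets = []
  while (hdr = io.read(16)) && hdr.bytesize == 16
    _sec, _usec, incl_len, orig_len = hdr.unpack(fmt[:u32] * 4)
    bytes = io.read(incl_len)
    raise 'truncated packet record' unless bytes && bytes.bytesize == incl_len
    packets << { len: orig_len, data: bytes }
  end
  packets
end

# The bookanno rule from the table: >500 and <1000 is medium, >1000 is large.
# As written the rule leaves exactly 1000 bytes (and anything <=500) unannotated.
def annotate(len)
  if len > 1000
    'Large Sized Packet'
  elsif len > 500 && len < 1000
    'Medium Sized Packet'
  end
end

# [src_ip, sport, dst_ip, dport] for an Ethernet/IPv4/TCP frame, else nil.
# Honours the IHL field so IP options do not shift the TCP header.
def tcp_endpoints(frame)
  return nil if frame.bytesize < 34 || frame.byteslice(12, 2).unpack1('n') != 0x0800
  ihl = (frame.getbyte(14) & 0x0f) * 4
  return nil if frame.getbyte(23) != 6 || frame.bytesize < 14 + ihl + 4
  src = frame.byteslice(26, 4).unpack('C4').join('.')
  dst = frame.byteslice(30, 4).unpack('C4').join('.')
  sport, dport = frame.byteslice(14 + ihl, 4).unpack('nn')
  [src, sport, dst, dport]
end

# One pass over the capture: packet count (tcount), annotations keyed by packet
# index (bookanno) and a tally of TCP (sport, dport) pairs (tcpports).
def summarize(pcap_bytes)
  annotations = {}
  port_pairs = Hash.new(0)
  packets = parse_pcap(pcap_bytes)
  packets.each_with_index do |pkt, i|
    a = annotate(pkt[:len])
    annotations[i] = a if a
    ep = tcp_endpoints(pkt[:data])
    port_pairs[[ep[1], ep[3]]] += 1 if ep
  end
  { count: packets.size, annotations: annotations, port_pairs: port_pairs }
end

# Constructed sample capture (not a real trace). Frame sizes: 104, 754, 1454, 1000, 42.
SAMPLE_PCAP = build_pcap([
  tcp_frame('10.0.0.1', 51000, '10.0.0.2', 80, 50),
  tcp_frame('10.0.0.2', 80, '10.0.0.1', 51000, 700),
  tcp_frame('10.0.0.1', 51000, '10.0.0.2', 80, 1400),
  tcp_frame('10.0.0.3', 52000, '10.0.0.2', 443, 946),
  arp_frame
])

if __FILE__ == $PROGRAM_NAME
  s = summarize(SAMPLE_PCAP)
  puts "packets: #{s[:count]}"
  s[:annotations].each { |i, a| puts "packet #{i}: #{a}" }
  s[:port_pairs].each { |(sp, dp), n| puts "#{sp} -> #{dp}: #{n}" }
end
```

To run it against a real file, replace SAMPLE_PCAP with `File.binread('trace.pcap')`; the 1000-byte frame is included deliberately to show that the bookanno thresholds as stated on this page have a gap at exactly 1000 bytes, which is worth closing (`>= 1000`) when you adapt the script.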

Category: Advanced

Some moderately large tools written in Ruby (with Fox-Ruby user interfaces).

Purpose | Script
IAX2 Call Analysis [Article]: an offline IAX2 call-analysis script. Run it on an IAX2 (Asterisk) capture to study the QoS of each call in the file; it covers call bandwidth, jitter, interarrival delay, loss, and IAX2 event analysis | Ruby (iax2ana.rb)
Packet Length Analysis [Article]: draws a bar chart showing the packet length distribution in a capture file | Ruby (lendist.rb)
UnleashCharts charting library: an open source Ruby charting library project started by Unleash Networks | Ruby (UnleashCharts.rb)
Traffic Monitor [Article]: draws a graph of traffic (in bps) observed over time in a capture file | Ruby (trafmon.rb)
TCP Analysis [Article]: a comprehensive TCP analysis tool with over six charts, covering retransmission detection, duplicate ACKs, out-of-order segments, round-trip time, and congestion analysis | Ruby (anastm.rb)