CloudShark

Articles

Capture Challenges

Webinar: The Art of Packet Capture Challenges

January 1, 2019 · 1 min read

In this webinar, you’ll learn how experts approach challenges like these, using the right tools to uncover often deeply hidden problems.


Capture challenges

How we made the 2018 Halloween capture challenge

7 min read

In depth on creating a capture challenge using custom-built captures

Every so often we like to come up with a special capture challenge where people can use CloudShark to dive into some packet analysis and find the solution. But often the interesting story is about the methods we use to make the captures themselves: generating and capturing very specific packets to make the challenge interesting. Being packet geeks, it’s also really fun.

White papers

Transform Your Packet Capture Workflow with these 4 Best Practices

8 min read

CloudShark Enterprise is a packet capture repository, analysis tool, and collaboration platform that we built to solve the challenges faced in our own capture workflow. It uses Wireshark under the hood, but all you need is a web browser. We believe that being able to quickly share packet analysis in context, without friction, and across teams, changes packet captures from something that is too often a “last resort” to a resource that can be relied on to provide answers faster than before.
MSP

Packet analysis

How to Identify and Analyze BitTorrent Alerts in Your Network

8 min read

Tracking down BitTorrent activity with packet captures

We love the exercises at malware-traffic-analysis.net, and occasionally we’ll pick some that we try to solve using CloudShark and its tools. This time, however, we’re going through one armed with tools that we learned from Brad’s class (the author of malware-traffic-analysis) at Sharkfest US 2018, where he gave an in-depth class on using packet captures for malware analysis, as well as a presentation on Analyzing Windows malware traffic.

Packet analysis

A Fast Analysis of TCP Fast Open

7 min read

Part 3 of our series exploring TCP examines the TCP “Fast Open” option and what to look for when troubleshooting

TCP Fast Open (TFO) is an optional mechanism within TCP that lets endpoints that have established a full TCP connection in the past eliminate a round-trip of the handshake and send data right away. This speeds things up for endpoints that are going to keep talking to each other in the future and is especially beneficial on high-latency networks where time-to-first-byte is critical.
TCP

White papers

Using CloudShark to ensure HIPAA privacy compliance

5 min read

Network packet captures present an interesting problem for HIPAA compliance, but they don’t have to be one that causes headaches. When it comes to securing electronic assets, packet captures are often overlooked more than other network and IT related resources. This is because they tend to be esoteric - compliance officers don’t need or want to have packets on their minds. Also, the methods through which they are obtained trend towards creating local, unaccountable copies of the traffic going over your network.

Packet analysis

The TCP Timestamp Option

8 min read

We’re on a mission to tackle TCP, take it apart, and learn more about how it makes the internet work.

Sample Captures Ahead! As always, we've gathered up the captures mentioned in this article into this collection over on CloudShark. Did you know you can make collections just like this with CloudShark too?
TCP

Packet analysis

TCP Window Scaling

8 min read

How Window Scaling keeps TCP moving at top speed

Protocol choices made in older internet standards don’t scale to today’s network speeds. TCP (Transmission Control Protocol) has been making networks go for a very, very long time. As with many of the early internet protocols, limitations that seemed reasonable then can have a negative effect on performance now. Protocol designers allowed for future options to augment existing fields in order to keep them working effectively into the future.
TCP

Product

Sharing Packet Capture Collections in CS Personal SaaS

3 min read

Users of CloudShark Personal SaaS can take captures they’ve uploaded and put them together in “collections”. Collections are great for matching up multiple captures that all have to do with the same topic or problem, and are ideal for educators and bloggers looking to use CloudShark captures in their classes and content.

Better context makes for better analysis

Like everything we build into CloudShark, we’re always surprised by new ways that people are using it.