Product

Sharing Packet Capture Collections in CS Personal SaaS

3 min read

Users of CloudShark Personal SaaS can take captures they’ve uploaded and put them together in “collections”. Collections are great for matching up multiple captures that all have to do with the same topic or problem, and are ideal for educators and bloggers looking to use CloudShark captures in their classes and content.

Better context makes for better analysis

Like everything we build into CloudShark, we’re always surprised by new ways that people are using it.

Packet analysis

Packet capture on VMware virtual machines using vmnet-sniffer

5 min read

One of the most powerful tools we use when testing CloudShark is a combination of VMware Workstation and the Vagrant API interface. With Vagrant, we can test every permutation of CloudShark via a barrage of automated testing. Along the way, we had to learn some of the lower level interfaces of these tools. We became aware of a vmnet-sniffer command that comes with VMware Workstation and VMware Fusion, which we use on our OS X workstations for development, and realized that it’s a great tool for capturing on virtual machines or in a cloud environment when used with CloudShark for analysis.

Product

Automating remote capture with pcapdaemon and CloudShark

2 min read

One of the most powerful ways to use CloudShark is to aggregate captures from multiple locations. While many network devices have packet capture natively (and some integrated with CloudShark upload), for other systems, it’s necessary to use custom scripts that utilize tshark (with the CloudShark plug-in for Wireshark installed) or tcpdump in tandem with curl to use the CloudShark upload API. While all of these solutions are effective, they do require you to log into the remote machine (or have scripts to do so) in order to initiate the captures.

Product

SSL Key Management with CloudShark

1 min read

One of CloudShark’s most unique features is SSL stream viewing and RSA key management. What do you do when you have certificates that you need to distribute to your team to look at encrypted data? How do you troubleshoot encrypted network traffic without having to give users access to your keys on their local machines? CloudShark contains a unique key management system in addition to its packet capture repository.
SSL

Product

Upping the sensitivity on confidential captures

1 min read

While CloudShark’s packet capture holding capacity is limited only by the size of the disks available to it, many of our CloudShark users are curious about what to do if they want to automatically delete captures after a certain period of time. Some may have certain security requirements about capture contents, or others want to make sure that sensitive data isn’t used for nefarious purposes later. Whatever the reason, automatically deleting captures is possible with a little scripting and the CloudShark API.

Product

Using the CloudShark Improved Search API

2 min read

CloudShark 2.0 added a lot of cool new features to CloudShark, but perhaps the most powerful (and most complex) was the addition of search capability to the CloudShark API. The search API function takes the already robust search features of CloudShark that were available through the user interface and brings them to anyone who wants to integrate CloudShark with their existing tools or work CloudShark seamlessly into their automation environment.

Product

CloudShark G.722 decode support

1 min read

In CloudShark 1.9 we added the ability to play back RTP streams so that you can replay voice data embedded in packet captures for call quality analysis. When we launched this feature, CloudShark supported G.711, G.729, and GSM voice codecs, used by many voice and mobile providers. Since then, we’ve gotten a lot of calls (ha!) for the addition of other audio codecs to the system to be able to play them back as well.

Product

Kerberos Decryption Support

1 min read

If you don’t already know, one of CloudShark’s main features is the ability to manage RSA keys and allow those keys to be used to decrypt SSL traffic, allowing users to view encrypted data without ever having to give out your RSA keys. But what about other types of encryption? We were recently approached about support for Kerberos in CloudShark captures. CloudShark can actually support the decryption of Kerberos encrypted data using the Wireshark preferences file that we showed you before for fixing your RTP decode settings.

Product

Streaming Live Captures to CloudShark

4 min read

We’ve been talking a whole lot about integration lately. From our recent bout at Cisco Toolapalooza, to the great work that’s being done with Meraki, we’re finding that the best way people get comfortable with CloudShark is by incorporating it into their existing tools. There are a great many tools out there that can produce packet captures, and each one can find a different way to get those captures into CloudShark for easier collaboration and management.

Product

Customizing Your CloudShark Experience

2 min read

We know how life can be when someone else drives your car, and all of your “preferences” - the seat position, mirror views, and your “greatest hits of 1991” satellite radio station are all modified. Or worse, imagine if you had to set them every time you got in the car! We can see how that would be super annoying (like the greatest hits of 1991*). Fortunately for CloudShark, you can actually configure certain packet capture view preferences and save them so that you’ll see things the way you want to every time you look at a capture.

Product

Wireshark Preferences File and RTP Streams

1 min read

CloudShark 1.9 includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port - not immediately apparent to CloudShark. You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice.

Product

Using Annotations in Graphs

2 min read

One of CloudShark’s main and most useful features is the ability to add annotations to individual packets, or to import packet comments from the pcap-ng format into CloudShark annotations. Not only does this make your own note-taking on your analysis easier, but it also allows you to share your annotations with your colleagues or customers when sharing the capture file URL. They can see your notes and get to the root of the problem faster.

Product

Introduction to DeepSearch

1 min read

Find the packets you are looking for! DeepSearch is at the core of what makes CloudShark unique for managing and storing your entire repository of PCAP data. Our innovative technology allows you to search across the PCAP files in your archive and find individual packets in each of them. DeepSearch lets you get more out of your capture archive by finding packets that match standard Wireshark filters. Select a set of captures, run DeepSearch, and CloudShark will identify the captures containing those packets.