Packet analysis

Getting started with packet analysis

4 min read

There are three questions we get asked the most here at CloudShark: How do I capture packets and get them into CloudShark? Where can I find example packet captures? Where do I start with packet capture analysis? That last question is very important to us, because one of the things we always want to promote is demystifying the use of packet captures to troubleshoot network and security problems. They really are the best way, and with the right tools and knowledge they can be your first go-to. Keep reading

Packet analysis

What are some easy to use packet capture tools?

5 min read

A common question we get other than where to find example packet captures is which packet capture tools exist that are either free, work in a command line, work directly with CloudShark, or all of the above. Here’s a list of our go-to capture tools (other than Wireshark of course) and the different scenarios in which they can be used. tshark About ring buffers CloudShark is made to work with capture files directly. Keep reading

Packet analysis

Five Reasons to Move to the Pcapng Capture Format

5 min read

The pcap capture file format has been the universal packet capture format since the early days of computer networking. Almost all capture tools support the pcap format. And while vendors have created new formats over the years, most tools support conversion into the pcap format. While pcap continues to be used today, it does have some limitations that make other formats more attractive. A new format called “pcapng” has been under development for a number of years. Keep reading

Integrators

Easily Adding Custom Dissectors to CloudShark

2 min read

It’s no secret that CloudShark uses tshark to generate the data we use in the CloudShark database, resulting in what you see when you view a capture in the CloudShark viewer. CloudShark sorts and caches this information to make it faster and easier for you to get to the information you need, when you need it. The added advantage of using tshark is that all of the most recent dissectors published in the latest versions of Wireshark can be used in CloudShark immediately without any additional work. Keep reading

Product

Wireshark Preferences File and RTP Streams

1 min read

CloudShark 1.9 includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port that is not immediately apparent to CloudShark. You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice. Keep reading

Packet analysis

Search for *anything* in a capture - did you know?

2 min read

The great thing about CloudShark’s capture decode is that it supports all of the standard Wireshark display filters. You may know the common ones, such as searching on IP address, TCP port, or even protocol; but did you know you can search for any ASCII or hex value in any field throughout the capture? It’s true. The “frame contains” filter will let you pick out only those packets that contain a sequence of ASCII or hex bytes that you specify. Keep reading