One of the most powerful tools we use when testing CloudShark is a combination of VMware Workstation and the Vagrant API interface. With Vagrant, we can test every permutation of CloudShark via a barrage of automated testing.
Along the way, we had to learn some of the lower-level interfaces of these tools. We became aware of a vmnet-sniffer command that comes with VMware Workstation and VMware Fusion, which we use on our OS X workstations for development, and realized that it’s a great tool for capturing on virtual machines or in a cloud environment when used with CloudShark for analysis.
A common question we get, other than where to find example packet captures, is which packet capture tools exist that are either free, work in a command line, work directly with CloudShark, or all of the above. Here’s a list of our go-to capture tools (other than Wireshark, of course) and the different scenarios in which they can be used.
tshark About ring buffers
CloudShark is made to work with capture files directly.
Bursty traffic, particularly microbursts, is an often-overlooked phenomenon that can cause serious issues with network performance. We’ve explained before what microbursts are and what they look like, but how can you use existing tools to test your network’s reliability in the presence of microbursts?
How can I test network throughput?
iPerf is one of the most commonly used tools to test network throughput. From their site:
iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks.
We often get requests from users of Google’s Chrome OS, the operating system installed on the Chromebook series of portable computers, on how to troubleshoot Wi-Fi, apps, or websites. CloudShark is particularly helpful in these cases because installing Wireshark can be difficult or outside the expertise of those using systems like Chrome OS, particularly in education, where Chrome OS has become very popular.
Packet capture in Chrome OS
Luckily, there are a few ways you can get a network capture in Chrome OS.
Automating remote capture with pcapdaemon and CloudShark from QA Cafe on Vimeo.
One of the most powerful ways to use CloudShark is to aggregate captures from multiple locations. While many network devices have packet capture natively (and some integrated with CloudShark upload), for other systems, it’s necessary to use custom scripts that utilize tshark (with the CloudShark plug-in for Wireshark installed) or tcpdump in tandem with CURL to use the CloudShark upload API.
We were pretty excited when the developers at OpenWrt decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi.
The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom.
CloudShark’s three key features - organizing, analyzing, and collaborating - all have their own ways of making packet capture analysis easier. In particular, organizing captures in a repository that can be tagged, sorted, and tracked can be made even more potent when you use it to centralize captures automatically from a variety of sources. Here are three things you can do to build a packet capture network that pulls in captures from multiple locations:
There was a time when saying something like “native packet capture in Windows” would get you laughed out of a karaoke bar full of IT geeks. We’ll let that sentence settle in for a second… then tell you that yes, indeed, Windows 8 includes native packet capture, and you can easily integrate it with CloudShark!
This feature can be found using the netsh command. Included among a host of other network tools associated with the command is the trace argument, which can be used to begin and end a network trace.
We’re always geeking out over the multitude of things you can do with packet capture and CloudShark upload support in the popular open source OS for embedded devices, OpenWrt.
In addition to the ability to troubleshoot packet-level detail on home gateways or monitor wireless traffic, OpenWrt’s packet capture feature can turn any embedded device into a packet capture node that can instantly upload its data to CloudShark.
Accessing OpenWrt
To turn a device into a network probe, you’ll need to be able to access the web user interface of OpenWrt.
Have you ever wanted to capture and analyze what network traffic your smartphone or tablet is sending? Maybe you are developing a new app and need to debug a network issue, or maybe you are just curious about what network traffic an app is sending. Using a wireless router running OpenWrt with the CloudShark package makes capturing this traffic easy!
Once you have the OpenWrt CloudShark package installed, connect your device to your OpenWrt wireless network and browse to the Status page of the OpenWrt router.
Those in the CPE world are probably very familiar with OpenWrt, an open source Linux implementation for embedded devices, including home gateways or wireless routers. OpenWrt is popular and extensible, with over 3000 available packages.
Recently, an OpenWrt package was developed that adds QA Cafe CloudShark capture and upload capability. The new package supports packet capture and viewing directly in the browser. A home router can be instantly transformed into a network troubleshooting tool or probe.
Here in the CloudShark QA Department, we use many open source tools to accelerate our testing process - Capybara, JMeter, and Vagrant are each friends and family to our QA lab. When new product development zooms past the faithful heartbeat of test automation, every QA department in the world needs to fess up - manual testing helps get the job done.
One of the most useful ways of testing future versions of CloudShark is also a way to get some extra testing for free: the robust CloudShark API allows for hands-free manipulation of CloudShark packet capture assets.
We’re excited to have another great Android app that can perform packet capture and upload to CloudShark.
Lostnet Soft’s App and Geo Firewall for Android devices lets you take full control of your mobile network connection, limiting what apps are allowed to use and observing the biggest offenders of data usage and sharing.
The firewall lets you set rules on both a per app and per location basis, so you can block access to addresses in particular countries if you suspect that there may be security violations, malware, or sharing of data that you did not approve.
One advantage of Android over iOS for those of us in the packet industry is the ability to access the network interfaces. The popular Kismet Android PCAP app lets you capture on a USB wireless adapter using an Android device. But did you know that you can also capture directly on Android’s wireless interface? Pair it with Kismet’s CloudShark Uploader for Android and you can actually capture, upload, view, and analyze all from your mobile Android device.
We’ve been talking a whole lot about integration lately. From our recent bout at Cisco Toolapalooza, to the great work that’s being done with Meraki, we’re finding that the best way people get comfortable with CloudShark is by incorporating it into their existing tools. There are a great many tools out there that can produce packet captures, and each one can find a different way to get those captures into CloudShark for easier collaboration and management.
The developers over at Kismet Wireless just released a packet capture app for Android devices that lets you use an external USB wireless adapter to capture layer 2 wireless LAN traffic and store it in pcap format. How cool is that? The best part is, they’ve also built a handy CloudShark Uploader for Android as well!
When you have performed a capture using Android PCAP, you can then use the Android CloudShark Uploader to directly upload your captures from your Android device to CloudShark.