Category: Did You Know

Thursday, Jul 2, 2015

How do you debug web applications that use encrypted channels?

Well, it’s official; the IETF has officially deprecated SSLv3.0. This means that it’s now a protocol violation to fall back to it. This is good news, since the number and types of attacks have been on the rise for awhile now. We’d like to take the opportunity to explore how to debug web applications that use HTTPS over SSL/TLS in CloudShark. It’s undeniable that debugging HTTP traffic is one of the most common use-cases for a packet decoder.

Read the whole entry »

Friday, May 2, 2014

Five Reasons to Move to the Pcapng Capture Format

The pcap capture file format has been the universal packet capture format since the early days of computer networking. Almost all capture tools support the pcap format. And while vendors have created new formats over the years, most tools support conversion into the pcap format. While pcap continues to be used today, it does have some limitations that make other formats more attractive. A new format called “pcapng” has been under development for a number of years.

Read the whole entry »

Thursday, Feb 6, 2014

Upping the sensitivity on confidential captures

While CloudShark’s packet capture holding capacity is limited only by the size of the disks available to it, many of our CloudShark users are curious about what to do if they want to automatically delete captures after a certain period of time. Some may have certain security requirements about capture contents, or others want to make sure that sensitive data isn’t used for nefarious purposes later. Whatever the reason, automatically deleting captures is possible with a little scripting and the CloudShark API.

Read the whole entry »

Tuesday, Jan 21, 2014

Using the CloudShark Improved Search API

CloudShark 2.0 added a lot of cool new features to CloudShark, but perhaps the most powerful (and most complex) was the addition of search capability to the CloudShark API. The search API function takes the already robust search features of CloudShark that were available through the user interface and brings them to anyone who wants to integrate CloudShark with their existing tools or work CloudShark seamlessly into their automation environment.

Read the whole entry »

Thursday, Dec 12, 2013

CloudShark G.722 decode support

In CloudShark 1.9 we added the ability to play back RTP streams so that you can replay voice data embedded in packet captures for call quality analysis. When we launched this feature, CloudShark supported G.711, G.729, and GSM voice codecs, used by many voice and mobile providers. Since then, we’ve gotten a lot of calls (ha!) for the addition of other audio codecs to the system to be able to play them back as well.

Read the whole entry »

Thursday, Nov 7, 2013

Easily Adding Custom Dissectors to CloudShark

It’s no secret that CloudShark uses tshark to generate the data we use in the CloudShark database, resulting in what you see when you view a capture in the CloudShark viewer. CloudShark sorts and caches this information to make it faster and easier for you to get to the information you need, when you need it. The added advantage of using tshark is that all of the most recent dissectors published in the latest versions of Wireshark can be used in CloudShark immediately without any additional work.

Read the whole entry »

Tuesday, Oct 29, 2013

Streaming Live Captures to CloudShark

We’ve been talking a whole lot about integration lately. From our recent bout at Cisco Toolapalooza, to the great work that’s being done with Meraki, we’re finding that the best way people get comfortable with CloudShark is by incorporating it into their existing tools. There are a great many tools out there that can produce packet captures, and each one can find a different way to get those captures into CloudShark for easier collaboration and management.

Read the whole entry »

Tuesday, Oct 1, 2013

Sharing files in CloudShark Solo

One of the key features of CloudShark is the ability to share files with colleagues or customers by passing along the URL of the capture file. In the CloudShark Appliance, this is most often done to share files with specific users or groups of your CloudShark system - that is, people who have user accounts on the system. What do you do in CloudShark Solo, which is built for a single user and doesn’t possess additional users or groups?

Read the whole entry »

Tuesday, Sep 17, 2013

Wireshark Preferences File and RTP Streams

CloudShark 1.9 includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port - not immediately apparent to CloudShark. You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice.

Read the whole entry »

Tuesday, Aug 27, 2013

Using Annotations in Graphs

One of CloudShark’s main and most useful features is the ability to add annotations to individual packets, or to import packet comments from the pcap-ng format into CloudShark annotations. Not only does this make your own note-taking on your analysis easier, but allows you to share your annotations with your colleagues or customers when sharing the capture file URL. They can see your notes and get to the root of the problem faster.

Read the whole entry »

Wednesday, Jun 6, 2012

Search for *anything* in a capture - did you know?

The great thing about CloudShark’s capture decode is that it supports all of the standard Wireshark display filters. You may know the common ones, such as searching on ip address or tcp port, or even protocol; but did you know you can search for any ASCII or Hex values in any field throughout the capture? It’s true. The “frame contains” filter will let you pick out only those packets that contain a sequence of any ASCII or Hex value that you specify.

Read the whole entry »


Popular Tags

About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: