CloudShark

Category: Featured

Thursday, Oct 18, 2018

Using Column Presets in Wireless Analysis

Troubleshooting wireless problems often requires a deep dive down to the packet level. But with so much information in there, how do you know where to look first? CloudShark’s profile presets help set up your view to give you the summary columns you need. It’s a quick and easy way to get the most information about your network traffic. Here’s how to set it up for wireless captures. It all starts with the right profile Building on our own analysis experience, CloudShark has created a default profile for looking at 802.

Read the whole entry »


Tuesday, Oct 9, 2018

How to Identify and Analyze BitTorrent Alerts in Your Network

Tracking down BitTorrent activity with packet captures We love the exercises at malware-traffic-analysis.net, and occasionally we’ll pick some that we try to solve using CloudShark and its tools. This time however, we’re going through one armed with tools that we learned from Brad’s class (the author of malware-traffic-analysis) at Sharkfest US 2018, where he gave an in-depth class on using packet captures for malware analysis, as well as a presentation on Analyzing Windows malware traffic.

Read the whole entry »


Tuesday, Aug 7, 2018

Sharing Packet Capture Collections on CloudShark Online

Users of CloudShark Online can take captures they’ve uploaded and put them together in “collections”. Collections are great for matching up multiple captures that all have to do with the same topic or problem, and are ideal for educators and bloggers looking to use CloudShark captures in their classes and content. Better context makes for better analysis Like everything we build into CloudShark, we’re always surprised by new ways that people are using it.

Read the whole entry »


Monday, Aug 6, 2018

Getting started with packet analysis

There are three questions we get asked the most here at CloudShark: How do I capture packets and get them into CloudShark? Where can I find example packet captures? Where do I start with packet capture analysis? That last question is very important to us, because one of the things we always want to promote is demystifying the use of packet captures to troubleshoot network and security problems. They really are the best way, and with the right tools and knowledge they can be your first go-to.

Read the whole entry »


Monday, Jul 23, 2018

What is new with TLS 1.3 - some capture examples

In August of 2018, the Internet Engineering Task Force (IETF) moved Transport Layer Security (TLS) Version 1.3 to RFC 8446. In the world of networking standards, this means it has been properly vetted by the community and is officially ready for showtime on clients and servers. About these captures We're able to look at TLS 1.3 handshakes thanks to support for the protocol in tshark 2.6. CloudShark 3.5 and later versions have support for TLS 1.

Read the whole entry »


Monday, Jul 9, 2018

Packet capture on VMware virtual machines using vmnet-sniffer

One of the most powerful tools we use when testing CloudShark is a combination of VMware Workstation and the Vagrant API interface. With Vagrant, we can test every permutation of CloudShark via a barrage of automated testing. Along the way, we had to learn some of the lower level interfaces of these tools. We became aware of a vmnet-sniffer command that comes with VMware Workstation and VMware Fusion, which we use on our OS X workstations for development, and realized that it’s a great tool for capturing on virtual machines or in a cloud environment when used with CloudShark for analysis.

Read the whole entry »


Thursday, Jun 21, 2018

Leaking sensitive data while using VPNs

People use Virtual Private Networks (VPNs) for a number of reasons, mostly for enterprise work where it’s necessary to be connected to a company’s network resources when working remotely. Others use them to ensure their network activity is private, using a secure connection to a VPN service. In the latter case, however, a misconfigured VPN setup can cause certain information to remain unsecured, allowing an observer to learn a user’s public and private IP addresses and witness its DNS requests.

Read the whole entry »


Tuesday, Jun 5, 2018

Using filters for navigation and sharing

CloudShark’s display filters are 100% compatible with the Wireshark filters used in packet analysis. With CloudShark, they present a new opportunity for use when sharing your captures with colleagues, both to present the view you are looking at and to help navigate to a section of the capture you want them to see. Here are some tricks we use when getting around town in CloudShark. Filter based on capture content If you know there’s something in the capture you’re looking for immediately, and you want others to see what you’re thinking, you can use the filter ‘frame contains’ to search for a literal string that exists in the capture.

Read the whole entry »


Tuesday, May 29, 2018

What are some easy to use packet capture tools?

A common question we get other than where to find example packet captures is which packet capture tools exist that are either free, work in a command line, work directly with CloudShark, or all of the above. Here’s a list of our go-to capture tools (other than Wireshark of course) and the different scenarios in which they can be used. tshark About ring buffers CloudShark is made to work with capture files directly.

Read the whole entry »


Monday, May 7, 2018

The effects of traffic bursts on network hardware

We’ve written extensively about the phenomenon of network microbursts and how to use the iPerf network performance tool to create them in order to test their effects on your network. Our interest in them grew out of our work with Velocimetrics, since microbursts can have pretty significant effects in financial/trade markets. Our journey down the rabbit-hole got us interested in seeing the effects of microbursts on switches and interfaces in a test network.

Read the whole entry »


Monday, Apr 30, 2018

How do you test microburst effects using iPerf?

Bursty traffic, particularly microbursts, is an often overlooked phenomenon that can cause serious issues with network performance. We’ve explained before what microbursts are and what they look like, but how can you use existing tools to test your network’s reliability in the presence of microbursts? How can I test network throughput? iPerf is one of the most commonly used tools to test network throughput. From their site: iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks.

Read the whole entry »


Saturday, Apr 14, 2018

What is a network microburst and how can you detect them?

When packets are transmitted from one interface to another, they aren’t necessarily delivered consistently. When a multitasking OS gives CPU time to the network process, it will send as much data as it can in the shortest time. In addition, for each “hop” that data traverses, buffering and other resource bottlenecks inherently make most traffic “bursty”. However, not all bursts are easily detected. A tool with fine enough granularity

Read the whole entry »


Monday, Apr 2, 2018

Finding slow http responses

One of the more practical, and yet fundamental, uses of packet capture analysis in today’s networks is examining HTTP flows to isolate problems with the protocol or underlying network interactions. If you’re writing a web application or trying to debug why a particular service is slow, filtering for and graphing HTTP response times can give you an instant picture of overall performance and outliers. About HTTP response times The HTTP response time is the delta time between when an HTTP request is transmitted, and when the HTTP response is transmitted.

Read the whole entry »


Thursday, Mar 15, 2018

Securely troubleshoot remote systems with Couchdrop and CloudShark

Couchdrop.io is a secure cloud storage service that lets you use SCP to manipulate your data assets. They’ve integrated with cloud storage giants like Dropbox, Google Drive, and AWS-S3. With their CloudShark integration, you can make use of custom scripts or interaction with remote servers that have packet capture capability to instantly and securely push network traces to CloudShark, analyzing them without ever leaving your browser. Working with logs, captures, and other remote data Couchdrop is a cloud-based SCP server that can be used for any kind of data, but it has some particular advantages when troubleshooting remote servers, firewalls, and other systems.

Read the whole entry »


Monday, Mar 5, 2018

Exploring the memcached DDoS attack

During the last week of February in 2018, several big internet sites started seeing a huge increase in a particular style of DDoS attack, taking advantage of the memcached protocol. Being the packet geeks we are, we wanted to explore the attack on one of our own internal servers and get a capture of what’s happening at the packet level so you can see it in action. What is memcached?

Read the whole entry »


Monday, Feb 12, 2018

Using captures in your StackStorm event driven automation

StackStorm, by Extreme Networks, is a powerful automation platform that wires together all of your apps, services and workflows. It is richly extensible, letting you integrate with all manner of network equipment, analysis tools, and more. They have both an open source version and a version that is part of Extreme Networks’ “Extreme Workflow Composer”. The team there has built a plug-in for CloudShark upload that they featured at Networking Field Day 17 (part of their StackStorm-Exchange open source projects).

Read the whole entry »


Friday, Feb 2, 2018

Malware Analysis Exercise - When Your Users Run Email Attachments

CloudShark developer and packet guru Tom Peterson gives us another example from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise. The exercise: Two Malicious E-mails, Two PCAPs to Analyze In this exercise, we need to find out what happened when some users downloaded some suspicious attachments and executed the attachments contained therein.

Read the whole entry »


Tuesday, Jan 30, 2018

Using Follow Stream for Packet Capture Analysis

When getting to the heart of an application or security problem, finding the right TCP stream and following it using the “Follow TCP Stream” view in CloudShark is usually the place you want to get to in order to see an issue in action, for a great many use cases. But how do you find the right stream, and what should you look for once you’re viewing it? What is a stream?

Read the whole entry »


Tuesday, Jan 16, 2018

Packet Capture in Chrome OS

We often get requests from users of Google’s Chrome OS, the operating system installed on the Chromebook series of portable computers, on how to troubleshoot Wifi, apps, or websites. CloudShark is particularly helpful in these cases because installing Wireshark can be difficult or out of the expertise of those using systems like Chrome OS, particularly in education where Chrome OS has become very popular. Packet capture in Chrome OS Luckily there are a few ways you can get a network capture in Chrome OS.

Read the whole entry »


Thursday, Dec 21, 2017

Six Malware Traffic Analysis Exercises in One

CloudShark developer and packet guru Tom Peterson gives us another example from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise. The exercise: 6 different pcaps with different malicious activity The 2017-11-21 malware traffic analysis exercise is a bit different than the past two I’ve dug into. This exercise is simply 6 PCAPs and our task is to just figure out what’s happening in each one.

Read the whole entry »


Friday, Dec 15, 2017

Network Troubleshooting with Aerohive Hivemanager NG and CloudShark

Watch our in-depth video If you deploy Aerohive devices in your network, solving problems using network captures will get it done faster. Aerohive’s integration with CloudShark makes it easy to actually work with real network traces. Watch our in-depth seminar above on how to solve a real-world problem using HiveManager NG and CloudShark. If you’re brand new, you can read the basics of how to set up your Aerohive system with CloudShark.

Read the whole entry »


Monday, Dec 11, 2017

CloudShark 3.4 - GeoIP maps, custom protocol preferences, and more

It’s the beginning of Winter here, and that means the devs are hard at work building new features into CloudShark to prevent themselves from freezing. The good news is that this has given us CloudShark 3.4, with the ability to see at a glance where in the world packets or malware traffic is coming from (or going to!), tracking bandwidth at the sub-millisecond level, or tweaking protocol decode preferences to fine tune your analysis.

Read the whole entry »


Wednesday, Dec 6, 2017

Windows 10 Malware Analysis Exercise in CloudShark

CloudShark developer and packet guru Tom Peterson has been deep in the trenches doing malware analysis exercises from malware-traffic-analysis.net to learn how to best use CloudShark and our Threat Assessment add-on to get to the root of malicious activity. Let’s join him now for his latest exercise. What’s up with this Windows 10 PC? Hi all! Tom here from CloudShark Support. One of the latest exercises from malware-traffic-analysis.net involves seeing some malicious traffic coming from a Windows 10 PC, as set up in the 2017-10-21 malware traffic analysis exercise.

Read the whole entry »


Thursday, Nov 30, 2017

Velocimetrics partners with CloudShark for better data visibility in trading environments

We’re happy to announce a great partnership with Velocimetrics, who has integrated CloudShark Enterprise into their financial/trade data network visibility solution. Read the full press release or summary here: Velocimetrics, the provider of real-time business flow tracking and performance analytics and CloudShark, the world’s first web-based packet capture management and analysis system have today announced a tie-up, which will enable traders, network operatives and financial IT specialists to have greater visibility into network packets of data.

Read the whole entry »


Wednesday, Oct 25, 2017

Where can I find sample packet captures?

CloudShark’s capture repository is great for uploading your own captures and building a complete list of your network capture history and all of the captures that are most important to you. But, one of the most frequent questions we get is “Where can I find sample packet captures?” Here are our favorite resources for finding sample packet captures of various protocols and scenarios: Packetlife.net Jeremy Stretch runs the blog packetlife.

Read the whole entry »


Wednesday, Oct 11, 2017

Getting and using KEYLOG files from cURL

Trying to debug a web application that is dependent on running over a secure connection is difficult. It used to be that it required you to have the private key (in RSA format) in order to do so, and for those situations, CloudShark Enterprise’s RSA Key Management system is ideal. The alternative is to grab a “keylog” file from your browser and use that within CloudShark to decrypt the stream.

Read the whole entry »


Thursday, Oct 5, 2017

Malware Analysis Exercise in CloudShark - 2017-09-19

Hi all! Tom here. You may remember me as the face of CloudShark Support, and your host in our last malware analysis packet capture challenge. I’ve been working through more of the traffic analysis exercises posted at malware-traffic-analysis.net, that we featured in our challenge. These exercises have been a great way to learn how to jump to packet captures first when looking at a potential malware attack. I found them really fun to go through and really digging deep into specific examples of malware and how it infects hosts and networks.

Read the whole entry »


Tuesday, Oct 3, 2017

Add Functionality with the CloudShark Chrome Extension

Deep in the explosive and risky CloudShark laboratory, we’ve been cooking up a special Chrome extension just for CloudShark users. Download the extension The extension adds the ability for Chrome users to right-click on a capture in the capture list view and go directly to an analysis tool, rather than opening the packet viewer first. It’s definitely something that’s been asked for by our users! In addition, we’ve uploaded the source of the extension as an open-source project on github.

Read the whole entry »


Thursday, Sep 7, 2017

Malware Analysis Webinar Challenge

Thanks to those who participated in our latest Challenge! You can watch the webinar walkthrough here: We’ve been a big fan of malware-traffic-analysis.net. They have a huge archive with cool examples of malicious network attacks and malware attempts, and do a great job taking even newbies through the examples. We wanted to bring one of those examples to our users to see how to solve it in CloudShark.

Read the whole entry »


Tuesday, Sep 5, 2017

Using Column Presets in Wireless Analysis

Troubleshooting wireless problems often requires a deep dive down to the packet level. But with so much information in there, how do you know where to look first? CloudShark’s new Wireless profile preset helps set up your view to give you the summary columns you need. It’s a quick and easy way to get the most information about your network traffic. It all starts with the right profile Building on our own analysis experience, CloudShark has created a default profile for looking at 802.

Read the whole entry »


Monday, Aug 28, 2017

CloudShark for MSPs

If you’re a Managed Service Provider or other IT outsourcing company, chances are you’ve had to use packet capture on many occasions to help customers solve network problems. With the right analysis tools, packet captures can be your go-to resource to help you get to the root of problems faster and make customer interactions easier. Packet Capture: Your Greatest Asset For the Managed Service Provider, packet capture files are generally the quickest way to get to the root cause of a network, application, or security problem.

Read the whole entry »


Friday, Jul 28, 2017

Using the Wireless Networks tool to see other networks around you

When a wireless access point wants to advertise its available networks, it sends out 802.11 beacon frames. These frames are seen by other 802.11 receiving radios, and if you can capture those frames, you can use CloudShark’s Wireless Networks tool to see all of the wireless networks (named with their SSIDs) nearby. Alternatively, when Wifi stations come online, they may send out a frame called a “Probe Request”. An access point can respond to these requests with a “Probe Response”.

Read the whole entry »


Monday, Jul 24, 2017

Examining Network Delay with Wireless Retries

Ever since the folks at Aerohive decided to integrate HiveManager NG with CloudShark, we’ve been excited to play around and see what exactly we can learn from looking at packet captures from wireless networks. So, naturally, our CloudShark dev and support guru Tom was happy to jump on it when we got some of their Access Points here at CloudShark. Our network is a bit tricky, since our sister product CDRouter is busy testing all sorts of broadband routers and wireless APs with their networks on, so he brought it out of the noise and tested it at home for a night.

Read the whole entry »


Thursday, Jul 13, 2017

Merging Captures from Multiple Wifi Radio Interfaces

Today’s Wireless Access Points have multiple radio interfaces (for the 2.4 GHz and 5 GHz ranges) that can both host Wifi clients. What if you want to see capture data from both? Aerohive’s HiveManagerNG lets you capture on both of these interfaces at the same time. This makes two different captures, but with CloudShark’s Merge feature you can put them together and view all of the packets going through your AP at once.

Read the whole entry »


Thursday, Jul 6, 2017

Learning how to Troubleshoot WiFi

Now that we have our new Aerohive APs in our office, we’ve been excited to learn more about wireless troubleshooting and debugging. The built-in packet capture feature in HiveManager NG makes getting traces into CloudShark for analysis really easy. Now that we have the traces, what do we do with them? We wanted to put together a list of some of the resources that have helped us get started learning about the 802.

Read the whole entry »


Thursday, Jun 29, 2017

What can I do with my Aerohive captures once they are in CloudShark?

By now you’ve signed up for a CloudShark account and probably pushed your first capture from HiveManager NG into your repository. Where do you go from here? What sort of things should you be looking for? What exactly have I captured? A packet capture file sourced from your Aerohive device contains a record of all network traffic that passed through the interface you chose when doing your capture. In HiveManager NG, if you have captured on a WLAN interface, this will be 802.

Read the whole entry »


Tuesday, Jun 13, 2017

CloudShark at Sharkfest 2017

Sharkfest 2017 was fun. Zach and Tom made an appearance on behalf of CloudShark: Sharkfest talks we’re looking forward to We make CloudShark because we want to make packet analysis easier for everybody - and who better to learn from than the experts themselves? Since everything we learn will help make CloudShark better, here are a few of the SharkFest talks we’re looking forward to: Using Wireshark to solve real problems for real people Kary Rogers is a packet jockey of PacketBomb fame - and as he says on his site, the packets don’t lie.

Read the whole entry »


Tuesday, Mar 7, 2017

Search Engine Indexing and CloudShark

The news cycle about cyber-security has been more active than ever before. When we launched CloudShark back in 2010, we knew there would be some hesitation in putting something as sensitive as packet captures in the cloud. While the world has grown since then, we wanted to write a quick note for transparency about how CloudShark data is contained and shared. How CloudShark Sessions Work Each upload to CloudShark generates a unique “session” URL.

Read the whole entry »


Monday, Mar 6, 2017

Introducing Threat Analysis in CloudShark

Watch the video. Cyber attacks today are bigger, faster, and happening more frequently than ever. Intrusion detection system alerts are only the beginning of the story. CloudShark Threat Assessment quickly takes you from the network alert all the way down to the individual packets, so you can determine the root cause and protect your network.

Read the whole entry »


Monday, Sep 19, 2016

Best Practices for Managing and Securing Network Capture Files

This article is the full text of our white paper on the same topic Packet Capture Files: Valuable but Vulnerable Packet capture files - files that record network traffic—are invaluable resources for network administrators, help desk staff, and IT security experts. Filled with application data and protocols, timestamps, and error codes, these files provide IT engineers with a detailed view of what took place on a network during a specific period of time.

Read the whole entry »


Friday, Sep 16, 2016

HIPAA, shadow IT, and the packet capture problem

Note: We here at CloudShark aren’t HIPAA experts, we just think it’s neat to talk about. Don’t take this as “official” advice. Recently we’ve been having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”. HIPAA and packet captures The relevant parts of HIPAA to packet capture security include sections on workstation use and security, device and media controls (including rules for backup and storage), access controls to electronic resources, and a section that addresses transmission security, which requires encryption of those records during transmission.

Read the whole entry »


Wednesday, Sep 14, 2016

Automating remote capture with pcapdaemon and CloudShark

Automating remote capture with pcapdaemon and CloudShark from QA Cafe on Vimeo. One of the most powerful ways to use CloudShark is to aggregate captures from multiple locations. While many network devices have packet capture natively (and some integrated with CloudShark upload), for other systems, it’s necessary to use custom scripts that utilize tshark (with the CloudShark plug-in for Wireshark installed) or tcpdump in tandem with CURL to use the CloudShark upload API.

Read the whole entry »


Friday, Aug 26, 2016

Solutions: The Big Byte Capture Challenge

Every summer the devs here at CloudShark engage in a “Summer Coding Challenge” to flex their programming muscles and relive the glory (horror?) days of computer science homework. It just so happens that one of those challenges this year made a great packet capture challenge for you CloudShark fans! We got a lot of great answers - we have some of those solutions below, but if you don’t want it spoiled and want to try the capture for yourself, here it is:

Read the whole entry »


Thursday, Jul 21, 2016

Searching your captures with CloudShark DeepSearch (Webinar)

Join our webinar on Tuesday, August 2nd, at 11:00 EDT New in CloudShark 3.0, DeepSearch lets you get more out of your capture archive by finding packets that match standard Wireshark filters. Then use CloudShark’s web-based analysis to drill-down, share, and resolve. It’s that easy. Join the CloudShark team as we show you: Selecting captures to DeepSearch Several DeepSearch use cases Re-using previously used filters And more! This is part of our ongoing CloudShark webinar series.

Read the whole entry »


Monday, Jul 11, 2016

CloudShark 3.0 - Introducing DeepSearch

These are the packets you’re looking for Watch the video. New in CloudShark 3.0, DeepSearch lets you get more out of your capture archive by finding packets that match standard Wireshark filters. Select captures, run a DeepSearch, and CloudShark will identify the captures containing those packets. Then use CloudShark’s web-based analysis to drill-down, share, and resolve. It’s that easy. Features Look inside your captures without poring over packets Use standard Wireshark display filters across multiple captures Easily drill-down to find security events and application problems Sign up for a hosted account or install a local CloudShark Enterprise server and let CloudShark DeepSearch take over the hard work of looking through your packets.

Read the whole entry »


Friday, Apr 8, 2016

In-depth overview of the CloudShark API

Watch the video. A CloudShark Online account or your own instance of CloudShark Enterprise comes with full access to our API, letting you upload captures, search your repository, and more using your own tools and scripts. Join the CloudShark team as we show you: How to find and create API tokens and API permissions Using upload, search, and other API functions Using the API to build remote capture uploads in Raspberry Pi And more!

Read the whole entry »


Thursday, Mar 31, 2016

Building a network capture probe with Raspberry Pi

We were pretty excited when the developers at OpenWRT decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi. The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom.

Read the whole entry »


Monday, Feb 29, 2016

Wireless Analysis with CloudShark and Airtool

Watch the video. Sometimes when analyzing problems in Wifi networks you need to go straight to the packets. What tools are there to do Wifi capture? What should you look for in your packets? Watch one of our premier integrators, Airtool’s Adrian Granados, as he shows you: Installing and configuring the Airtool wireless tool for OSX Capturing and uploading to CloudShark Wifi packet analysis tools in CloudShark And more!

Read the whole entry »


Wednesday, Feb 17, 2016

Capture of recently discovered glibc getaddrinfo() vulnerability

The folks at Google Security recently discovered a vulnerability in glibc’s getaddrinfo() library function, allowing attackers to execute malicious code transmitted in oversized DNS replies. Scary stuff! Luckily, there’s already a patch, and the developers generated some proof of concept code to demonstrate the vulnerability. We took that code and ran it against some of our own systems. You can see a packet capture of the whole thing here: https://www.cloudshark.org/captures/0a13d445cb31

Read the whole entry »


Tuesday, Feb 9, 2016

Using CloudShark with your Meraki Dashboard

Watch the video. If you’re a Meraki user or MSP, you’ve probably seen the ability to point to CloudShark in your Dashboard. How does it work? What can you do with it? Join us as we show you: Configuring your Meraki dashboard for CloudShark uploads Capturing packets in your dashboard Analyzing in CloudShark

Read the whole entry »


Tuesday, Dec 15, 2015

Merging and splitting captures in CloudShark

Watch the video. Export captures to a new session based on filter rules Merge captures from multiple sources or times into a single capture When we first made CloudShark, we stuck to making the best and easiest to use packet capture analysis tool out there. As we made more and more improvements to CloudShark and its host of analysis tools, we’ve gotten many requests for the ability to manipulate the captures themselves - whether it be splitting them into smaller, more manageable sizes or performing a capture merge that can put two sets of packet data in order and remove duplicates.

Read the whole entry »


Tuesday, Nov 17, 2015

CloudShark 2.7 - protocol ladder diagrams

Watch the video. CloudShark 2.7 is here, and once again we’re changing the way that web technology can change capture analysis with our “ladder diagrams” - packet visualizations just like SIP call flow diagrams but for ANY protocol and ANY conversation. You can watch the video above or read the full CloudShark 2.7 release notes here.

Read the whole entry »


Thursday, Oct 22, 2015

Best practices for using remote capture with CloudShark

CloudShark’s three key features - organizing, analyzing, and collaborating - all have their own ways of making packet capture analysis easier. In particular, organizing captures in a repository that can be tagged, sorted, and tracked can be made even more potent when you use it to centralize captures automatically from a variety of sources. Here’s three things you can do to build a packet capture network that pulls in captures from multiple locations:

Read the whole entry »


Wednesday, Sep 9, 2015

How do you have captures automatically expire?

Watch the video. One of our most requested features that we added to CloudShark 2.6 was the ability to have captures automatically delete after a certain time period has expired. Since CloudShark can hold a virtually unlimited number of captures, this is useful for those who wish to preserve disk space or have specific retention rules due to their company’s security policy or from regulations like HIPAA. Using this feature is very simple!

Read the whole entry »


Wednesday, Aug 5, 2015

Airtool CloudShark Integration

Watch the video. We absolutely love the community that CloudShark and the CloudShark API have created. Adding to our list of integrators is Adrian Granados, creator of the free Wifi tool for Mac called Airtool. Airtool is a free Mac OS X menu bar application that lets you check and configure wireless settings. It also performs captures across one or more Wi-Fi channels. In his version of Airtool 1.2, Adrian has been kind enough to add CloudShark as a target destination for captured packets.

Read the whole entry »


Tuesday, Aug 4, 2015

CloudShark 2.6.0 - Auto-Delete, OAuth, and New User Tools

Watch the video. After spending some time in deep meditation, the CloudShark team is ready to bring you CloudShark 2.6.0. Why two-dot-six-dot-zero you ask? We’re switching officially to semantic versioning, which means you can know at a glance the level of changes that we’ve made to CloudShark, which will hopefully make our users more confident that upgrades won’t break all that wonderful, personalized integration you’ve done. That said, we have some exciting new features to highlight, some of which were made to assist in our rollout of CloudShark Personal Accounts on CloudShark.

Read the whole entry »


Thursday, Jul 2, 2015

How do you debug web applications that use encrypted channels?

Well, it’s official; the IETF has officially deprecated SSLv3.0. This means that it’s now a protocol violation to fall back to it. This is good news, since the number and types of attacks have been on the rise for awhile now. We’d like to take the opportunity to explore how to debug web applications that use HTTPS over SSL/TLS in CloudShark. It’s undeniable that debugging HTTP traffic is one of the most common use-cases for a packet decoder.

Read the whole entry »


Tuesday, May 19, 2015

AccessAgility Wifi Scanner Includes CloudShark Support

We’re always excited whenever a new network tool or packet capture service is able to make use of the CloudShark API in order to integrate the seamless analysis of packet captures into their products. Integrators like AccessAgility’s Wifi Scanner are exactly what CloudShark was designed for. Wifi Scanner Manager is a cloud-managed Wifi scanner that, when paired with WFS Agents, lets them become instant WiFi scanners and performance testers. You can find access points, determine their connectivity, do quick spot surveying, and find unauthorized access points.

Read the whole entry »


Thursday, May 14, 2015

All about SSL key logging

In CloudShark 2.5, we added the ability to use SSL key log file data in order to decrypt SSL streams in the packet viewer. But what exactly is an SSL key log file, and how do you get them so that you can do web site and web service debugging? A key log is a log of the values used by your web browser to generate TLS session keys. Your browser does this every time, but it doesn’t do anything else with those values once they are used.

Read the whole entry »


Monday, Apr 27, 2015

Using a bandwidth preview to triage captures

CloudShark 2.5 added a cool new feature: the ability to view a small sparkline graph of each of your captures’ packets-per-second (bandwidth). You can add this to your index view by editing the table options in your capture file index. How might such a thing be useful? Quickly noticing patterns Some issues can be seen in the regularity of certain traffic patterns. For instance, seeing packet rate spikes occur at regular intervals can point to a rogue agent on your network attempting some funny business, or issues with applications trying to accomplish some network heavy task, then repeating it when it is unsuccessful.

Read the whole entry »


Friday, Apr 24, 2015

Captures and Analysis of the QUANTUMINSERT Attack

We now know a lot about the NSA’s various techniques in its QUANTUM program. One of the most prolific (and sneaky) of these attacks is the “QUANTUMINSERT”, which exploits a long-known TCP vulnerability that will cause, effectively, a redirect to a malicious resource. It’s tricky, since it requires careful timing; the spoofed packet needs to arrive before the expected packet. One of our most engaging customers, Fox-IT, is an active team of hackers, programmers, and cybersecurity experts that provides innovative solutions for government, defense, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide.

Read the whole entry »


Thursday, Apr 23, 2015

TruePath Technologies complete nTop/CloudShark solution

It’s not often that seamless solutions present themselves as well as they do with nTop’s CloudShark integration with their n2disk product. What could make it even better is the ability to get an all-in-one network monitoring and analysis system with both of these systems through TruePath Technologies. An official CloudShark reseller, TruePath offers a suite of monitoring software and monitoring software services to help companies harness the potential of their networks, and specializes in in-house services for new or existing IT monitoring software.

Read the whole entry »


Tuesday, Apr 7, 2015

Running CloudShark on Amazon Web Services

Check out how to do it here: Watch the video. We’re pleased to say you can now easily install CloudShark on Amazon Web Services with just a few simple steps. CloudShark on AWS lets you maintain full control over your server without the added headaches of managing physical servers or VM infrastructure. You can get set up in minutes, whether you’re running a CloudShark trial or you’ve just purchased CloudShark and are ready to get going.

Read the whole entry »


Wednesday, Mar 18, 2015

CloudShark 2.5 - Geolocation, HTTP object forensics, Wireless decryption

Zach gives us an update here: Watch the video. Yes, it’s only been two months, but we had so many great ideas percolating (Yes, percolating. Like coffee.) that we couldn’t hold back any longer. Here’s the new and improved CloudShark 2.5. The endpoints tool A lot of people have asked us to have a tool that is a one-stop shop for the most active participants in a capture, which is useful for security analysis (among other things).

Read the whole entry »


Monday, Mar 9, 2015

Native Packet Capture in Windows 8

There was a time when saying something like “native packet capture in Windows” would get you laughed out of a karaoke bar full of IT geeks. We’ll let that sentence settle in for a second… then tell you that yes, indeed, Windows 8 includes native packet capture, and you can easily integrate it with CloudShark! This feature can be found using the netsh command. Included among a host of other network tools associated with the command is the trace argument, which can be used to begin and end a network trace.

Read the whole entry »


Monday, Jan 26, 2015

CloudShark 2.4 - Secure Delete, CentOS 7, and Monitoring

Zach gives us an update here: Watch the video. We’ve had our noses to the grindstone for quite some time, but we’re happy to announce that CloudShark 2.4 is here! While we continue to make some behind-the-scenes improvements, this release contains some features that were specifically requested by customers. Secure Delete For the particularly security conscious, we’ve added the secure delete feature to CloudShark 2.4. This is available in the administrators settings, and allows you the option of permanently deleting captures from the disk (a concept also known as “shredding”).

Read the whole entry »


Wednesday, Jan 7, 2015

Heartbleed, Poodle, Shellshock, and the Sony Hack - Big Security Breaches of 2014

If there’s one thing we noticed about 2014, it was a year of many security announcements. It is becoming obvious that perimeter security is not sufficient and each constituent system in a network must be regarded as a public system, regardless of assumption. Systems will be compromised, and preparing for what to do after an attack is just as important as preventing attacks in the first place. In any case, we thought we’d do a quick review:

Read the whole entry »


Tuesday, Dec 2, 2014

CloudShark 2.3 Maintenance Release 2 - Annotations API

We wanted to get another maintenance release out for CloudShark 2.3 before the end of the year, this time adding a new feature to our API. Now you can add, remove, or edit packet annotations from the API, letting you add logging and notation capabilities to your automated tools or scripts that interact with CloudShark. The annotations API method is simple to use. You can both read and set the annotations using HTTP GET and POST methods, respectively, with special URLs.

Read the whole entry »


Tuesday, Nov 25, 2014

Packet Capture Challenge - Attacking a Secure Wifi Connection

This challenge is complete! Try it yourself or scroll to the solution below. It’s been awhile since we’ve had a good old fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network. The Challenge Take a look at this capture.

Read the whole entry »


Thursday, Nov 13, 2014

CloudShark 2.3 Maintenance Release 1 is now available

Greetings CloudShark users! We’re happy to say that our first maintenance release of CloudShark 2.3 is ready for you to download and upgrade. In addition to some minor bug fixes, we now have tshark 1.12.2 running behind the scenes, and have made some sweet improvements to the decode window that makes it easier for you to highlight, select, and copy text for use in analysis. If you are a current customer or trial user, you can grab the latest version just by logging into your CloudShark Appliance terminal and running the following command:

Read the whole entry »


Thursday, Nov 6, 2014

Webinar - Packet Capture and Analysis in Wireless Networks

Watch the video. Wireless networks are the most ubiquitous type of network modern IT departments need to deal with. There are many tools for troubleshooting them, but what happens when you need to go to the packet level? How do you capture at the point you need, and how do you get those captures to a place you can analyze them? Join the CloudShark team as we show you:

Read the whole entry »


Monday, Oct 20, 2014

Using JumpCloud LDAP Solution with CloudShark

There are a plethora of cloud applications for nearly all IT services that were traditionally managed in-house. One of the most interesting is JumpCloud, which provides a cloud-based solution for LDAP and Active Directory user management systems. What’s even more interesting is that JumpCloud can work seamlessly with CloudShark’s ability to use external LDAP/AD authentication and user management. If you are using LDAP, it’s as simple as enabling it in the CloudShark admin console and creating an sssd.

Read the whole entry »


Tuesday, Sep 30, 2014

CloudShark 2.3 - Single Sign-On, User Created API Tokens, and Wireshark 1.12.1

CloudShark 2.3 is here! This release presents some key features that our customers have asked for and again helps lay the groundwork for even more from CloudShark in the future. Read on! Support for single sign-on One of the most common requests we’ve received from CloudShark customers is support for single sign-on authentication. CloudShark 2.3 will come as good news for those out there looking for new Enterprise authentication options with its support for SAML authentication, allowing users to sign in through an external identity provider to reduce the need to have separate login credentials just for CloudShark.

Read the whole entry »


Tuesday, Sep 2, 2014

Wireshark in the Web - An Introduction to Collaborative Packet Analysis (Webinar)

Watch the video. If you are new to CloudShark Enterprise or diving into our 30-day free trial, or even just curious about how you can organize, analyze, and collaborate on packet captures in your browser, please join the CloudShark support team as we show you the basics:
Your first log-in to CloudShark Enterprise
Searching, tagging, and organizing
Annotating and analyzing in the packet capture viewer
Sharing links and embedding views
Using CloudShark with the Wireshark plug-in

Read the whole entry »


Monday, Jul 28, 2014

How to build a network probe with OpenWrt and CloudShark

We’re always geeking out over the multitude of things you can do with packet capture and CloudShark upload support in the popular open source OS for embedded devices, OpenWrt. In addition to the ability to troubleshoot packet-level detail on home gateways, or monitor wireless traffic, OpenWrt’s packet capture feature can turn any embedded device into a packet capture node that can instantly upload its data to CloudShark. Accessing OpenWrt To turn a device into a network probe, you’ll need to be able to access the web user-interface of OpenWrt.

Read the whole entry »


Monday, Jun 30, 2014

Capturing Smartphone Traffic With OpenWrt and CloudShark

Have you ever wanted to capture and analyze what network traffic your smartphone or tablet is sending? Maybe you are developing a new app and need to debug a network issue, or maybe you are just curious about what network traffic an app is sending. Using a wireless router running OpenWrt with the CloudShark package makes capturing this traffic easy! Once you have the OpenWrt CloudShark package installed, connect your device to your OpenWrt wireless network and browse to the Status page of the OpenWrt router.

Read the whole entry »


Thursday, Jun 26, 2014

Embedding packets in other pages

Have you ever wanted to embed a packet trace right into the blog post you were writing? We know you have. You’ve told us you want that! When a screenshot of the decode won’t do, you can use CloudShark to share individual frame decodes in blog posts, documentation, help forums, and pretty much anywhere else you can write HTML. Let’s see it in action! Here’s packet #2 from our TCP Fast open example.

Read the whole entry »


Tuesday, Jun 10, 2014

Uploading to CloudShark using OS X Finder

Here in the CloudShark QA Department, we use many open source tools to accelerate our testing process - Capybara, JMeter, and Vagrant are each friends and family to our QA lab. When new product development zooms past the faithful heartbeat of test automation, every QA department in the world needs to fess up - manual testing helps get the job done. One of the most useful ways of testing future versions of CloudShark is also a way to get some extra testing for free: the robust CloudShark API allows for hands-free manipulation of CloudShark packet capture assets.

Read the whole entry »


Wednesday, Jun 4, 2014

CloudShark 2.2 - Bigger Captures, Faster Analysis

CloudShark has come a long way since it began its experimental debut as CloudShark.org nearly 4 years ago. Since then, we’ve added some great features that have enhanced the way people do network analysis by bringing web technology to the world of packets. Our latest release sets the stage for the next phase of web-enhanced capture organization, collaboration, and analysis. CloudShark 2.2 contains some major enhancements to the way we do things “behind the curtain” in CloudShark, drastically increasing speed, supporting more concurrent users, and letting you view captures much larger than before.

Read the whole entry »


Friday, May 2, 2014

Five Reasons to Move to the Pcapng Capture Format

The pcap capture file format has been the universal packet capture format since the early days of computer networking. Almost all capture tools support the pcap format. And while vendors have created new formats over the years, most tools support conversion into the pcap format. While pcap continues to be used today, it does have some limitations that make other formats more attractive. A new format called “pcapng” has been under development for a number of years.

Read the whole entry »


Wednesday, Apr 9, 2014

Packet Capture of Heartbleed in Action

As many are aware (as it’s now become national news), a vulnerability was recently discovered in OpenSSL dubbed Heartbleed. The attack centers around the implementation of the Heartbeat extension in OpenSSL which causes a server to return the contents of memory that should be protected. This blogpost by Troy Hunt describes the vulnerability in detail: Everything you need to know about the Heartbleed SSL bug. Being packet geeks, naturally we wanted to get a capture of the Heartbleed attack in action.

Read the whole entry »


Thursday, Apr 3, 2014

SSL Key Management with CloudShark

One of CloudShark’s most unique features is SSL stream viewing and RSA key management. Watch the video. What do you do when you have certificates that you need to distribute to your team to look at encrypted data? How do you troubleshoot encrypted network traffic without having to give users access to your keys on their local machines? CloudShark contains a unique key management system in addition to its packet capture repository.

Read the whole entry »


Thursday, Mar 20, 2014

Capturing packets on android

One advantage of Android over iOS for those of us in the packet industry is the ability to access the network interfaces. The popular Kismet Android PCAP app lets you capture on a USB wireless adapter using an Android device. But did you know that you can also capture directly on Android’s wireless interface? Pair it with Kismet’s CloudShark Uploader for Android and you can actually capture, upload, view, and analyze all from your mobile Android device.

Read the whole entry »


Tuesday, Jan 21, 2014

Using the CloudShark Improved Search API

CloudShark 2.0 added a lot of cool new features to CloudShark, but perhaps the most powerful (and most complex) was the addition of search capability to the CloudShark API. The search API function takes the already robust search features of CloudShark that were available through the user interface and brings them to anyone who wants to integrate CloudShark with their existing tools or work CloudShark seamlessly into their automation environment.

Read the whole entry »


Thursday, Dec 12, 2013

CloudShark G.722 decode support

In CloudShark 1.9 we added the ability to play back RTP streams so that you can replay voice data embedded in packet captures for call quality analysis. When we launched this feature, CloudShark supported G.711, G.729, and GSM voice codecs, used by many voice and mobile providers. Since then, we’ve gotten a lot of calls (ha!) for the addition of other audio codecs to the system to be able to play them back as well.

Read the whole entry »


Monday, Dec 2, 2013

Polidea Cellular Data Network Simulator CloudShark Integration

We love it when good ideas come together. Recently we were contacted by the smart people at Polidea, a company that delivers dynamic mobile app design, development, and testing to its clients. To assist in the latter, Polidea cooked up an open source Cellular Data Network Simulator that you can grab on GitHub. We got a chance to talk to Kamil Trzciński from Polidea about the project and their CloudShark integration.

Read the whole entry »


Tuesday, Nov 19, 2013

Kerberos Decryption Support

If you don’t already know, one of CloudShark’s main features is the ability to manage RSA keys and allow those keys to be used to decrypt SSL traffic, allowing users to view encrypted data without ever having to give out your RSA keys. But what about other types of encryption? We were recently approached about support for Kerberos in CloudShark captures. CloudShark can actually support the decryption of Kerberos encrypted data using the Wireshark preferences file that we showed you before for fixing your RTP decode settings.

Read the whole entry »


Thursday, Nov 7, 2013

Easily Adding Custom Dissectors to CloudShark

It’s no secret that CloudShark uses tshark to generate the data we use in the CloudShark database, resulting in what you see when you view a capture in the CloudShark viewer. CloudShark sorts and caches this information to make it faster and easier for you to get to the information you need, when you need it. The added advantage of using tshark is that all of the most recent dissectors published in the latest versions of Wireshark can be used in CloudShark immediately without any additional work.

Read the whole entry »


Tuesday, Oct 29, 2013

Streaming Live Captures to CloudShark

We’ve been talking a whole lot about integration lately. From our recent bout at Cisco Toolapalooza, to the great work that’s being done with Meraki, we’re finding that the best way people get comfortable with CloudShark is by incorporating it into their existing tools. There are a great many tools out there that can produce packet captures, and each one can find a different way to get those captures into CloudShark for easier collaboration and management.

Read the whole entry »


Wednesday, Oct 16, 2013

Customizing Your CloudShark Experience

We know how life can be when someone else drives your car, and all of your “preferences” - the seat position, mirror views, and your “greatest hits of 1991” satellite radio station are all modified. Or worse, imagine if you had to set them every time you got in the car! We can see how that would be super annoying (like the greatest hits of 1991*). Fortunately for CloudShark, you can actually configure certain packet capture view preferences and save them so that you’ll see things the way you want to every time you look at a capture.

Read the whole entry »


Tuesday, Sep 17, 2013

Wireshark Preferences File and RTP Streams

CloudShark 1.9 includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port - not immediately apparent to CloudShark. You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice.

Read the whole entry »


Tuesday, Aug 27, 2013

Using Annotations in Graphs

One of CloudShark’s main and most useful features is the ability to add annotations to individual packets, or to import packet comments from the pcap-ng format into CloudShark annotations. Not only does this make your own note-taking on your analysis easier, but it also allows you to share your annotations with your colleagues or customers when sharing the capture file URL. They can see your notes and get to the root of the problem faster.

Read the whole entry »


Wednesday, Jul 24, 2013

CloudShark 1.9 - RTP Playback and More

CloudShark 1.9 is here! The big news here is CloudShark’s support for RTP playback of VoIP calls. This is something we’ve been excited about adding to CloudShark for awhile - when looking to add tools to CloudShark, we always make sure they are something that can benefit from the power of web technology and aid our users in collaboration on networking problems. You can see an example capture with all of our new functionality built in here: https://www.

Read the whole entry »


Wednesday, Feb 13, 2013

CloudShark 1.7: SSL Key Management

The CloudShark team is very pleased to announce CloudShark 1.7, our latest release. First off, we’ve jazzed up the Protocol Hierarchy tool, letting you automatically create a filter by clicking on a protocol in the viewer. This was based on feedback from our users as it was one of their most often used tools for the first step in their analysis. In addition, we are proud to launch the first ever “Key Management System”, that allows users to decrypt SSL data and perform analysis without ever needing to give them access to the keys in any way.

Read the whole entry »


Tuesday, Oct 2, 2012

CloudShark 1.6 Released

CloudShark version 1.6 is here! In addition to the features you know and love from CloudShark, version 1.6 now supports seamless integration with pcapng, allowing you to import packet-level comments and export CloudShark sessions as pcapng files. We’re also using Tshark version 1.8 now on the back-end. Check out our video here on how to use the new pcapng features! (And don’t forget, send us a capture challenge and if we choose it, you’ll win your own “p cap”)

Read the whole entry »


Tuesday, Aug 14, 2012

Packet Capture Challenge #4 - Solution

This challenge is now finished! Read the solution below or scroll down to try the challenge for yourself! The Solution CloudShark lets you embed your filters directly in the URL. When we view this packet capture file, we are already brought to the view we want to see: in this case, only DNS and ICMP messages. http://cloudshark.org/captures/a02f4f4a0df0?filter=dns%20%7C%7C%20icmp Why is that? The problem we’re looking to illustrate happens to be an ICMP packet that is tied to a particular DNS response.

Read the whole entry »



Tuesday, Jun 19, 2012

CloudShark 1.5 Is Here!

Just in time for SHARKFest ‘12, today we’re releasing CloudShark 1.5. This latest release builds on CloudShark’s already powerful ability to let you collaborate on and securely store network captures, adding additional functionality to our upload API, the ability to further customize your view, and the ability to export graphs as images or pdf. Our biggest new feature is the HTTP Requests Analysis Tool, and we’re pretty excited about it!

Read the whole entry »


Wednesday, Jun 6, 2012

Search for *anything* in a capture - did you know?

The great thing about CloudShark’s capture decode is that it supports all of the standard Wireshark display filters. You may know the common ones, such as searching on IP address or TCP port, or even protocol; but did you know you can search for any ASCII or Hex values in any field throughout the capture? It’s true. The “frame contains” filter will let you pick out only those packets that contain a sequence of any ASCII or Hex value that you specify.

Read the whole entry »


Thursday, Feb 9, 2012

HOMER SIP Capture Server Integrates with CloudShark

HOMER SIP Capture Server, a robust, carrier grade, 100% open source scalable SIP Capture system and Monitoring Application, has become the first open source application to introduce native support for CloudShark! End users of the application now have the option to upload their captures to cloudshark.org, or to their own CloudShark appliance, where they can be viewed directly in a browser or shared with others via URL. One of the great examples of how easily CloudShark can integrate with existing tools.

Read the whole entry »


Tuesday, Jan 31, 2012

Wireshark Plug-in is Launched!

We’re happy to announce that the CloudShark plug-in for Wireshark has been released! Download now and start securing, viewing, and sharing your Wireshark captures as they are produced. Or, view our demo video to get a look at the plug-in in action. Happy packet surfing!

Read the whole entry »



About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.
