CloudShark

Tagged: Featured

Monday, Oct 31, 2016

Updates to the Wireshark plug-in (v1.0.5)

Tom recently did an update to our CloudShark plug-in for Wireshark to give it a bit of a dusting and put on some new polish. We’ve made it a bit easier for Windows users to install, and made sure you get your API token in the configuration properly.

Installing the Wireshark plug-in in Windows 10

To recap on installing in Windows, it goes like this: Download the plug-in from GitHub.

Read the whole entry »


Monday, Sep 19, 2016

Best Practices for Managing and Securing Network Capture Files

This article is the full text of our white paper on the same topic.

Packet Capture Files: Valuable but Vulnerable

Packet capture files (files that record network traffic) are invaluable resources for network administrators, help desk staff, and IT security experts. Filled with application data and protocols, timestamps, and error codes, these files provide IT engineers with a detailed view of what took place on a network during a specific period of time.

Read the whole entry »


Friday, Sep 16, 2016

HIPAA, shadow IT, and the packet capture problem

Note: We here at CloudShark aren’t HIPAA experts, we just think it’s neat to talk about. Don’t take this as “official” advice.

Recently we’ve been having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”.

HIPAA and packet captures

The relevant parts of HIPAA to packet capture security include sections on workstation use and security, device and media controls (including rules for backup and storage), access controls to electronic resources, and a section that addresses transmission security, which requires encryption of those records during transmission.

Read the whole entry »


Wednesday, Sep 14, 2016

Automating remote capture with pcapdaemon and CloudShark

One of the most powerful ways to use CloudShark is to aggregate captures from multiple locations. While many network devices have packet capture natively (and some integrated with CloudShark upload), for other systems, it’s necessary to use custom scripts that utilize tshark (with the CloudShark plug-in for Wireshark installed) or tcpdump in tandem with CURL to use the CloudShark upload API.

Read the whole entry »


Thursday, Jul 21, 2016

Searching your captures with CloudShark DeepSearch (Webinar)

Join our webinar on Tuesday, August 2nd, at 11:00 EDT.

New in CloudShark 3.0, DeepSearch lets you get more out of your capture archive by finding packets that match standard Wireshark filters. Then use CloudShark’s web-based analysis to drill-down, share, and resolve. It’s that easy.

Join the CloudShark team as we show you:

- Selecting captures to DeepSearch
- Several DeepSearch use cases
- Re-using previously used filters
- And more!

This is part of our ongoing CloudShark webinar series.

Read the whole entry »


Monday, Jul 11, 2016

CloudShark 3.0 - Introducing DeepSearch

These are the packets you’re looking for

Watch the video.

New in CloudShark 3.0, DeepSearch lets you get more out of your capture archive by finding packets that match standard Wireshark filters. Select captures, run a DeepSearch, and CloudShark will identify the captures containing those packets. Then use CloudShark’s web-based analysis to drill-down, share, and resolve. It’s that easy.

Features

- Look inside your captures without poring over packets
- Use standard Wireshark display filters across multiple captures
- Easily drill-down to find security events and application problems

Sign up for a hosted account or install a local CloudShark Enterprise server and let CloudShark DeepSearch take over the hard work of looking through your packets.

Read the whole entry »


Friday, Apr 8, 2016

Using the CloudShark API (Webinar)

Watch the video. A CloudShark Online account or your own instance of CloudShark Enterprise comes with full access to our API, letting you upload captures, search your repository, and more using your own tools and scripts.

Join the CloudShark team as we show you:

- How to find and create API tokens and API permissions
- Using upload, search, and other API functions
- Using the API to build remote capture uploads in Raspberry Pi
- And more!

Read the whole entry »



Thursday, Mar 31, 2016

Building a network capture probe with Raspberry Pi

We were pretty excited when the developers at OpenWRT decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi. The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom.

Read the whole entry »


Thursday, Mar 10, 2016

Using filters for navigation and sharing

We all know that Wireshark filters can be used to help you in your analysis and narrow down what you are looking for. But with CloudShark, they present a new opportunity when sharing your captures with colleagues, either to present the view you are looking at or to help navigate to a section of the capture you want them to see. Here are three tricks we use when getting around town in CloudShark.

Read the whole entry »


Monday, Feb 29, 2016

Wireless Analysis with CloudShark and Airtool

Watch the video. Sometimes when analyzing problems in Wifi networks you need to go straight to the packets. What tools are there to do Wifi capture? What should you look for in your packets?

Watch one of our premier integrators, Airtool’s Adrian Granados, as he shows you:

- Installing and configuring the Airtool wireless tool for OSX
- Capturing and uploading to CloudShark
- Wifi packet analysis tools in CloudShark
- And more!

Read the whole entry »


Wednesday, Feb 17, 2016

Capture of recently discovered glibc getaddrinfo() vulnerability

The folks at Google Security recently discovered a vulnerability in glibc’s getaddrinfo() library function, allowing attackers to execute malicious code transmitted in oversized DNS replies. Scary stuff! Luckily, there’s already a patch, and the developers generated some proof of concept code to demonstrate the vulnerability. We took that code and ran it against some of our own systems. You can see a packet capture of the whole thing here: https://www.cloudshark.org/captures/0a13d445cb31

Read the whole entry »


Tuesday, Feb 9, 2016

Using CloudShark with your Meraki Dashboard

Watch the video. If you’re a Meraki user or MSP, you’ve probably seen the ability to point to CloudShark in your Dashboard. How does it work? What can you do with it?

Join us as we show you:

- Configuring your Meraki dashboard for CloudShark uploads
- Capturing packets in your dashboard
- Analyzing in CloudShark

Read the whole entry »


Thursday, Dec 17, 2015

Webinar - Merging and Editing Captures in CloudShark

Join us on Wednesday, January 6th at 11:00 EST (16:00 GMT).

CloudShark 2.8 allows you to safely merge multiple captures or create new captures from existing ones using filter rules. How does this feature work and how can you make the most of it? This is part of our ongoing series on CloudShark basics. We hope to see you there!

Read the whole entry »


Tuesday, Dec 15, 2015

Merging and splitting captures in CloudShark

Watch the video.

- Export captures to a new session based on filter rules
- Merge captures from multiple sources or times into a single capture

Join Our Webinar on 01.06.2016

When we first made CloudShark, we stuck to making the best and easiest to use packet capture analysis tool out there. As we made more and more improvements to CloudShark and its host of analysis tools, we’ve gotten many requests for the ability to manipulate the captures themselves - whether it be splitting them into smaller, more manageable sizes or performing a capture merge that can put two sets of packet data in order and remove duplicates.

Read the whole entry »


Tuesday, Nov 17, 2015

CloudShark 2.7 - protocol ladder diagrams

Watch the video. CloudShark 2.7 is here, and once again we’re changing the way that web technology can change capture analysis with our “ladder diagrams” - packet visualizations just like SIP call flow diagrams but for ANY protocol and ANY conversation. You can watch the video above or read the full CloudShark 2.7 release notes here.

Read the whole entry »


Thursday, Oct 22, 2015

Best practices for using remote capture with CloudShark

CloudShark’s three key features - organizing, analyzing, and collaborating - all have their own ways of making packet capture analysis easier. In particular, organizing captures in a repository that can be tagged, sorted, and tracked can be made even more potent when you use it to centralize captures automatically from a variety of sources. Here are three things you can do to build a packet capture network that pulls in captures from multiple locations:

Read the whole entry »


Wednesday, Sep 9, 2015

How do you have captures automatically expire?

Watch the video. One of our most requested features that we added to CloudShark 2.6 was the ability to have captures automatically delete after a certain time period has expired. Since CloudShark can hold a virtually unlimited number of captures, this is useful for those who wish to preserve disk space or have specific retention rules due to their company’s security policy or from regulations like HIPAA. Using this feature is very simple!

Read the whole entry »


Tuesday, Sep 8, 2015

CloudShark Personal and Business Accounts

As you may well know by now, CloudShark launched its free online accounts about 2 months ago. In that time, we’ve gotten a lot of feedback from our loyal users, and decided it was time to give you more. Starting immediately, users of cloudshark.org free accounts can upgrade their accounts to either CloudShark Personal or CloudShark Business for a small monthly fee. In addition to the power of the CloudShark repository and the ability to share captures through URLs, upgrading to a Personal or Business account gives you:

Read the whole entry »


Tuesday, Aug 18, 2015

CloudShark 2.6.1 Patch Release

After the flurry of activity surrounding the new features in CloudShark 2.6.0, we’ve issued our first patch release, CloudShark 2.6.1. In it you’ll find:

Support for searching by SHA1 checksum

Every pcap file has a checksum that ensures the data integrity of the file. For some CloudShark users, tracking this helps them organize their capture files in a way that correlates with a unique identifier that simple file names can’t always provide.

Read the whole entry »


Wednesday, Aug 5, 2015

Airtool CloudShark Integration

Watch the video. We absolutely love the community that CloudShark and the CloudShark API have created. Adding to our list of integrators is Adrian Granados, creator of the free Wifi tool for Mac called Airtool. Airtool is a free Mac OS X menu bar application that lets you check and configure wireless settings. It also performs captures across one or more Wi-Fi channels. In his version of Airtool 1.2, Adrian has been kind enough to add CloudShark as a target destination for captured packets.

Read the whole entry »


Tuesday, Aug 4, 2015

CloudShark 2.6.0 - Auto-Delete, OAuth, and New User Tools

Watch the video. After spending some time in deep meditation, the CloudShark team is ready to bring you CloudShark 2.6.0. Why two-dot-six-dot-zero, you ask? We’re switching officially to semantic versioning, which means you can know at a glance the level of changes that we’ve made to CloudShark, which will hopefully make our users more confident that upgrades won’t break all that wonderful, personalized integration you’ve done. That said, we have some exciting new features to highlight, some of which were made to assist in our rollout of CloudShark Personal Accounts on CloudShark.

Read the whole entry »


Monday, Jul 27, 2015

Introducing CloudShark Personal Accounts

Watch the video. Five years ago, we here at QA Cafe launched cloudshark.org, a free online tool for performing packet analysis in your browser and sharing captures with colleagues, blogs, or in online discussion forums. Shortly afterwards, we launched CloudShark Enterprise, a fully functional version of CloudShark for private networks covering a whole host of different uses - including enterprise and government IT, security firms, communications, and SaaS.

Read the whole entry »


Tuesday, May 19, 2015

AccessAgility Wifi Scanner Includes CloudShark Support

We’re always excited whenever a new network tool or packet capture service is able to make use of the CloudShark API in order to integrate the seamless analysis of packet captures into their products. Integrators like AccessAgility’s Wifi Scanner are exactly what CloudShark was designed for. Wifi Scanner Manager is a cloud-managed Wifi scanner that, when paired with WFS Agents, lets them become instant WiFi scanners and performance testers. You can find access points, determine their connectivity, do quick spot surveying, and find unauthorized access points.

Read the whole entry »


Thursday, May 14, 2015

All about SSL key logging

In CloudShark 2.5, we added the ability to use SSL key log file data in order to decrypt SSL streams in the packet viewer. But what exactly is an SSL key log file, and how do you get them so that you can do web site and web service debugging? A key log is a log of the values used by your web browser to generate TLS session keys. Your browser does this every time, but it doesn’t do anything else with those values once they are used.

Read the whole entry »


Monday, Apr 27, 2015

Using a bandwidth preview to triage captures

Our latest maintenance release of CloudShark 2.5 adds a cool new feature: the ability to view a small sparkline graph of each capture’s packets-per-second (bandwidth). You can add this to your index view by editing the table options in your capture file index. How might such a thing be useful?

Quickly noticing patterns

Some issues can be seen in the regularity of certain traffic patterns. For instance, seeing packet rate spikes occur at regular intervals can point to a rogue agent on your network attempting some funny business, or issues with applications trying to accomplish some network heavy task, then repeating it when it is unsuccessful.

Read the whole entry »


Friday, Apr 24, 2015

Captures and Analysis of the QUANTUMINSERT Attack

We now know a lot about the NSA’s various techniques in its QUANTUM program. One of the most prolific (and sneaky) of these attacks is the “QUANTUMINSERT”, which exploits a long-known TCP vulnerability that will cause, effectively, a redirect to a malicious resource. It’s tricky, since it requires careful timing; the spoofed packet needs to arrive before the expected packet. One of our most engaging customers, Fox-IT, is an active team of hackers, programmers, and cybersecurity experts that provides innovative solutions for government, defense, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide.

Read the whole entry »


Thursday, Apr 23, 2015

TruePath Technologies complete nTop/CloudShark solution

It’s not often that seamless solutions present themselves as well as they do with nTop’s CloudShark integration with their n2disk product. What could make it even better is the ability to get an all-in-one network monitoring and analysis system with both of these systems through TruePath Technologies. Now an official CloudShark reseller, TruePath offers a suite of monitoring software and monitoring software services to help companies harness the potential of their networks, and specializes in in-house services for new or existing IT monitoring software.

Read the whole entry »


Tuesday, Apr 7, 2015

Running CloudShark on Amazon Web Services

Check out how to do it here: Watch the video. We’re pleased to say you can now easily install CloudShark on Amazon Web Services with just a few simple steps. CloudShark on AWS lets you maintain full control over your server without the added headaches of managing physical servers or VM infrastructure. You can get set up in minutes, whether you’re running a CloudShark trial or you’ve just purchased CloudShark and are ready to get going.

Read the whole entry »


Wednesday, Mar 18, 2015

CloudShark 2.5 - Geolocation, HTTP object forensics, Wireless decryption

Zach gives us an update here: Watch the video. Yes, it’s only been two months, but we had so many great ideas percolating (Yes, percolating. Like coffee.) that we couldn’t hold back any longer. Here’s the new and improved CloudShark 2.5.

The endpoints tool

A lot of people have asked us to have a tool that is a one-stop shop for the most active participants in a capture, which is useful for security analysis (among other things).

Read the whole entry »


Monday, Mar 9, 2015

Native Packet Capture in Windows 8

There was a time when saying something like “native packet capture in Windows” would get you laughed out of a karaoke bar full of IT geeks. We’ll let that sentence settle in for a second… then tell you that yes, indeed, Windows 8 includes native packet capture, and you can easily integrate it with CloudShark! This feature can be found using the netsh command. Included among a host of other network tools associated with the command is the trace argument, which can be used to begin and end a network trace.

Read the whole entry »


Monday, Feb 9, 2015

HIPAA, shadow IT, and the packet capture problem

Note: We here at CloudShark aren’t HIPAA experts, we just think it’s neat to talk about. Don’t take this as “official” advice.

We’ve been harping lately on network security, which is one of the reasons we included secure delete as a new feature in CloudShark 2.4. This got us having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”.

Read the whole entry »


Monday, Feb 9, 2015

Using CloudShark for Education

Are you an instructor on network security, or a computer science professor teaching computer networking? We’ve recently highlighted the ways CloudShark is being used now for all kinds of educational uses, and received a great new case study from certified SANS instructor Paul A. Henry from Vnet Security, LLC. Check it out!

Read the whole entry »


Monday, Jan 26, 2015

CloudShark 2.4 - Secure Delete, CentOS 7, and Monitoring

Zach gives us an update here: Watch the video. We’ve had our noses to the grindstone for quite some time, but we’re happy to announce that CloudShark 2.4 is here! While we continue to make some behind-the-scenes improvements, this release contains some features that were specifically requested by customers.

Secure Delete

For the particularly security conscious, we’ve added the secure delete feature to CloudShark 2.4. This is available in the administrator settings, and allows you the option of permanently deleting captures from the disk (a concept also known as “shredding”).

Read the whole entry »


Wednesday, Jan 7, 2015

2014 Was a Year of Big Security Breaches

If there’s one thing we noticed about 2014, it was the year of Really Big Vulnerabilities ™. Sure, these sorts of things happen all the time, but now more than ever it is becoming obvious that perimeter security is not sufficient and each constituent system in a network must be regarded as a public system, regardless of assumption. Systems will be compromised, and preparing for what to do after an attack is just as important as preventing attacks in the first place.

Read the whole entry »


Tuesday, Dec 2, 2014

CloudShark 2.3 Maintenance Release 2 - Annotations API

We wanted to get another maintenance release out for CloudShark 2.3 before the end of the year, this time adding a new feature to our API. Now you can add, remove, or edit packet annotations from the API, letting you add logging and notation capabilities to your automated tools or scripts that interact with CloudShark. The annotations API method is simple to use. You can both read and set the annotations using HTTP GET and POST methods, respectively, with special URLs.

Read the whole entry »


Thursday, Nov 13, 2014

CloudShark 2.3 Maintenance Release 1 is now available

Greetings CloudShark users! We’re happy to say that our first maintenance release of CloudShark 2.3 is ready for you to download and upgrade. In addition to some minor bug fixes, we now have tshark 1.12.2 running behind the scenes, and have made some sweet improvements to the decode window that makes it easier for you to highlight, select, and copy text for use in analysis. If you are a current customer or trial user, you can grab the latest version just by logging into your CloudShark Appliance terminal and running the following command:

Read the whole entry »


Tuesday, Sep 30, 2014

CloudShark 2.3 - Single Sign-On, User Created API Tokens, and Wireshark 1.12.1

CloudShark 2.3 is here! This release presents some key features that our customers have asked for and again helps lay the groundwork for even more from CloudShark in the future. Read on!

Support for single sign-on

One of the most common requests we’ve received from CloudShark customers is support for single sign-on authentication. CloudShark 2.3 will come as good news for those out there looking for new Enterprise authentication options with its support for SAML authentication, allowing users to sign in through an external identity provider to reduce the need to have separate login credentials just for CloudShark.

Read the whole entry »


Wednesday, Jun 18, 2014

Uploading Captures From OpenWrt to CloudShark

Those in the CPE world are probably very familiar with OpenWrt, an open source Linux implementation for embedded devices, including home gateways or wireless routers. OpenWrt is popular and extensible, with over 3000 available packages. Recently, an OpenWrt package was developed that adds QA Cafe CloudShark capture and upload capability. The new package supports packet capture and viewing directly in the browser. A home router can be instantly transformed into a network troubleshooting tool or probe.

Read the whole entry »


Thursday, Jun 12, 2014

How much faster is CloudShark 2.2?

We hinted that there were a few things “behind the curtain” in CloudShark 2.2 that we’ve changed to not only make things faster, but lay the groundwork for the future of web-based capture analysis. It may come as no surprise that CloudShark is built in Ruby, one of the most popular programming languages for web applications. By upgrading to Ruby 2.1 and with some changes to the way we do things under the hood, CloudShark 2.

Read the whole entry »


Tuesday, Jun 10, 2014

Uploading to CloudShark using OS X Finder

This week, our own Mike Cross from CloudShark Devops guest blogs on testing web software and how to set up OS X to directly upload to CloudShark: Here in the CloudShark QA Department, we use many open source tools to accelerate our testing process - Capybara, JMeter, and Vagrant are each friends and family to our QA lab. When new product development zooms past the faithful heartbeat of test automation, every QA department in the world needs to fess up - manual testing helps get the job done.

Read the whole entry »


Wednesday, Jun 4, 2014

CloudShark 2.2 - Bigger Captures, Faster Analysis

CloudShark has come a long way since it began its experimental debut as CloudShark.org nearly 4 years ago. Since then, we’ve added some great features that have enhanced the way people do network analysis by bringing web technology to the world of packets. Our latest release sets the stage for the next phase of web-enhanced capture organization, collaboration, and analysis. CloudShark 2.2 contains some major enhancements to the way we do things “behind the curtain” in CloudShark, drastically increasing speed, supporting more concurrent users, and letting you view captures much larger than before.

Read the whole entry »


Tuesday, Jun 3, 2014

Ntop Integrates CloudShark into N2disk platform

In yet another successful story of CloudShark integration, the people at ntop have added seamless transfer of captures to CloudShark with their n2disk packet capture platform. Ntop is a diverse company with solutions for network monitoring, VPN, as well as packet-to-disk and wire-speed packet capture and transmission. These solutions, including n2disk, allow you to capture at multi-Gigabit rates on a live network interface without packet loss. With n2disk’s CloudShark integration, you can view those captures immediately, right in your browser.

Read the whole entry »


Wednesday, May 28, 2014

CloudShark Attending Sharkfest 2014

Greetings Packet Geeks! CloudShark is happy to announce it will once again return to SharkFest at the Dominican University of California in San Rafael. While there, we’ll be promoting the speed advancements we’ve made in our upcoming CloudShark 2.2 release and demonstrating how collaborative packet analysis can take network security, administration, and maintenance to the next level. Our own Zach Chadwick and Tom Peterson will be attending - here’s what they have to say about it:

Read the whole entry »


Monday, Apr 21, 2014

Lostnet Soft Android Firewall CloudShark Integration

We’re excited to have another great Android app that can perform packet capture and upload to CloudShark. Lostnet Soft’s App and Geo Firewall for Android devices lets you take full control of your mobile network connection, limiting what apps are allowed to use and observing the biggest offenders of data usage and sharing. The firewall lets you set rules on both a per app and per location basis, so you can block access to addresses in particular countries if you suspect that there may be security violations, malware, or sharing of data that you did not approve.

Read the whole entry »


Thursday, Mar 20, 2014

Capturing packets on android

One advantage of Android over iOS for those of us in the packet industry is the ability to access the network interfaces. The popular Kismet Android PCAP app lets you capture on a USB wireless adapter using an Android device. But did you know that you can also capture directly on Android’s wireless interface? Pair it with Kismet’s CloudShark Uploader for Android and you can actually capture, upload, view, and analyze all from your mobile Android device.

Read the whole entry »


About Us

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.