When a wireless access point wants to advertise its available networks, it sends out 802.11 beacon frames. These frames are seen by other 802.11 receiving radios, and if you can capture those frames, you can use CloudShark’s Wireless Networks tool to see all of the wireless networks (named with their SSIDs) nearby.
Alternatively, when Wi-Fi stations come online, they may send out a frame called a “Probe Request”. An access point can respond to these requests with a “Probe Response”.
Today’s wireless access points have multiple radio interfaces (for the 2.4 GHz and 5 GHz ranges) that can both host Wi-Fi clients. What if you want to see capture data from both? Aerohive’s HiveManagerNG lets you capture on both of these interfaces at the same time. This makes two different captures, but with CloudShark’s Merge feature you can put them together and view all of the packets going through your AP at once.
By now you’ve signed up for a CloudShark account and probably pushed your first capture from HiveManager NG into your repository. Where do you go from here? What sort of things should you be looking for?
What exactly have I captured? A packet capture file sourced from your Aerohive device contains a record of all network traffic that passed through the interface you chose when doing your capture. In HiveManager NG, if you have captured on a WLAN interface, this will be 802.
The wildly successful Aerohive system now has support for packet capture with automatic uploads to CloudShark! We’re really excited about it and it has been excellent working with the folks at Aerohive. From Aerohive:
Aerohive’s HiveManager NG sets a new standard for simplicity and flexibility in wireless cloud networking. It provides advanced functionality with application visibility and control, a full suite of monitoring tools, enhanced security and guest access management.
Tom recently updated our CloudShark plug-in for Wireshark to give it a bit of a dusting and put on some new polish. We’ve made it a bit easier for Windows users to install, and it now makes sure you get your API token into the configuration properly.
Installing the Wireshark plug-in in Windows 10
To recap on installing in Windows, it goes like this:
Download the plug-in from GitHub.
Automating remote capture with pcapdaemon and CloudShark from QA Cafe on Vimeo.
One of the most powerful ways to use CloudShark is to aggregate captures from multiple locations. While many network devices have packet capture natively (and some are integrated with CloudShark upload), for other systems it’s necessary to use custom scripts that run tshark (with the CloudShark plug-in for Wireshark installed) or tcpdump in tandem with curl to use the CloudShark upload API.
We’re excited to have another great Android app that can perform packet capture and upload to CloudShark.
Lostnet Soft’s App and Geo Firewall for Android devices lets you take full control of your mobile network connection, limiting what apps are allowed to use and observing the biggest offenders of data usage and sharing.
The firewall lets you set rules on both a per app and per location basis, so you can block access to addresses in particular countries if you suspect that there may be security violations, malware, or sharing of data that you did not approve.