CloudShark’s capture repository is great for uploading your own captures and building a complete list of your network capture history and all of the captures that are most important to you. But, one of the most frequent questions we get is “Where can I find sample packet captures?“”
Here’s our favorite resources for finding sample packet captures of various protocols and scenarios:
Jeremy Stretch runs the blog packetlife.
We all know that Wireshark filters can be used to help you in your analysis and narrow down what you are looking for. But, with CloudShark, they present a new opportunity for use when sharing your captures with colleagues in order to both present the view you are looking at, or to help navigate to a section of the capture you want them to see. Here’s three tricks we use when getting around town in CloudShark.
Watch the video. Wireless networks are the most ubiquitous type of network modern IT departments need to deal with. There are many tools for troubleshooting them, but what happens when you need to go to the packet level? How do you capture at the point you need, and how do you get those captures to a place you can analyze them?
Join the CloudShark team as we show you:
The pcap capture file format has been the universal packet capture format since the early days of computer networking. Almost all capture tools support the pcap format. And while vendors have created new formats over the years, most tools support conversion into the pcap format.
While pcap continues to be used today, it does have some limitations that make other formats more attractive. A new format called “pcapng” has been under development for a number of years.
It’s no secret that CloudShark uses tshark to generate the data we use in the CloudShark database, resulting in what you see when you view a capture in the CloudShark viewer. CloudShark sorts and caches this information to make it faster and easier for you to get to the information you need, when you need it.
The added advantage of using tshark is that all of the most recent dissectors published in the latest versions of Wireshark can be used in CloudShark immediately without any additional work.
CloudShark 1.9 includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port - not immediately apparent to CloudShark.
You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice.
The great thing about CloudShark’s capture decode is that it supports all of the standard Wireshark display filters. You may know the common ones, such as searching on ip address or tcp port, or even protocol; but did you know you can search for any ASCII or Hex values in any field throughout the capture?
It’s true. The “frame contains” filter will let you pick out only those packets that contain a sequence of any ASCII or Hex value that you specify.
We’re happy to announce that the CloudShark plug-in for WireShark has been released! Download now and start securing, viewing, and sharing your WireShark captures as they are produced. Or, view our demo video to get a look at the plug-in in action. Happy packet surfing!