The Auto-Import service in CloudShark requires that these directories must be local to CloudShark. Remote file systems such as SMB and NFS will not trigger the Linux kernel’s inotify event, which the Auto-Imports service utilizes.
One way to work around this limitation is to instead configure your CloudShark Appliance to export its own share that can then be mounted on a workstation or server. This lets you drag and drop pcaps to a folder on your machine and they are automatically imported into your CloudShark Appliance!
Every command listed in this document is intended to be run by the root user.
To enable NFS on your CloudShark Appliance first install the NFS package on your system with the following command:
# yum install nfs-utils
Next make a directory on the CloudShark Appliance where the captures will be uploaded to. The cloudshark user also must have permissions to read and write to this directory:
# mkdir /captures # chown cloudshark:cloudshark /captures
This directory must be configured to be exported by NFS. First find the uid and
gid numbers of the cloudshark user. Use the
id command to find this
# id cloudshark uid=501(cloudshark) gid=501(cloudshark) groups=501(cloudshark)
Edit the file
/etc/exports and add the following line which will export this directory to
/captures *(rw,all_squash,insecure,anonuid=<uid number>,anongid=<gid number>)
By default NFS uses dynamic ports which can cause issues when trying to
configure the firewall on the CloudShark Appliance. Edit the file
/etc/sysconfig/nfs to specify the ports that should be used so that firewall
rules can be created to allow clients to connect using NFS. Set the following
variables in this config file to specific ports. Here is an example but you may
use different ports if necessary:
# Port rquotad should listen on. RQUOTAD_PORT=875 # TCP port rpc.lockd should listen on. LOCKD_TCPPORT=32803 # UDP port rpc.lockd should listen on. LOCKD_UDPPORT=32769 # Port rpc.mountd should listen on. MOUNTD_PORT=892 # Port rpc.statd should listen on. STATD_PORT=662 # Outgoing port statd should used. The default is port # is random STATD_OUTGOING_PORT=2020
Now start the NFS server and configure it to be started when the
CloudShark Appliance is turned on. This varies if you are using CentOS/RHEL 6
or 7. You can run the command
cat /etc/redhat-release to determine your
# chkconfig rpcbind on # chkconfig nfs on # chkconfig nfslock on # service rpcbind start # service nfs start # service nfslock start
# systemctl enable rpcbind # systemctl enable nfs-server # systemctl enable nfs-lock # systemctl enable nfs-idmap # systemctl start rpcbind # systemctl start nfs-server # systemctl start nfs-lock # systemctl start nfs-idmap
Last make sure that the firewall on the CloudShark Appliance is configured to
allow NFS access. If you chose the same ports in the
above then you will need to configure the firewall to allow:
protocol/port tcp/111 udp/111 tcp/892 udp/892 tcp/2049 udp/2049 tcp/32803 udp/32769
See our Firewall Configuration for more
information on configuring the firewall on your CloudShark Appliance. If you
chose different ports in the
/etc/sysconfig/nfs file the command
will list out all of the ports and protocols that you will need to allow through
Once this is complete you can configure the directory
/captures as an
auto-import location. The next
section will show you how to mount this directory and upload captures to be
imported into CloudShark.
On OSX in the Finder go to Go -> Connect to Server.
In the Server Address: field enter
nfs://<CloudShark IP or Hostname>/captures then click
Connect. You can also click the + to add it to your list of Favorite
The NFS Client for Windows 7⁄8 is included in the Enterprise edition but it is not installed by default. To install the client go to the Control Panel and select Programs. Then under Programs and Features click the link to Turn Windows features on or off. In the next window select Services for NFS and click *OK.
Now you can use the mount command in the Command Prompt to mount the NFS share on your CloudShark Appliance. For example:
mount \\<CloudShark IP or Hostname>\captures *
You can also open an Explorer window and browse to the share from there.
To mount the NFS share in Linux you can use the following command:
# mount <CloudShark IP or Hostname>:/captures <local directory to mount to>
To configure Linux to automatically mount this each time it is rebooted add the
following line to your
<CloudShark IP or Hostname>:/captures /<local directory to mount to> nfs auto 0 0