CloudShark Support

Exporting an NFS share from CloudShark

Using NFS and an Auto-Import

The Auto-Import service in CloudShark requires that these directories must be local to CloudShark. Remote file systems such as SMB and NFS will not trigger the Linux kernel’s inotify event, which the Auto-Imports service utilizes.

One way to work around this limitation is to instead configure your CloudShark Appliance to export its own share that can then be mounted on a workstation or server. This lets you drag and drop pcaps to a folder on your machine and they are automatically imported into your CloudShark Appliance!

Enabling NFS on CloudShark

Every command listed in this document is intended to be run by the root user.

To enable NFS on your CloudShark Appliance first install the NFS package on your system with the following command:

# yum install nfs-utils

Next make a directory on the CloudShark Appliance where the captures will be uploaded to. The cloudshark user also must have permissions to read and write to this directory:

# mkdir /captures
# chown cloudshark:cloudshark /captures

This directory must be configured to be exported by NFS. First find the uid and gid numbers of the cloudshark user. Use the id command to find this information:

# id cloudshark
uid=501(cloudshark) gid=501(cloudshark) groups=501(cloudshark)

Edit the file /etc/exports and add the following line which will export this directory to any machine:

/captures *(rw,all_squash,insecure,anonuid=<uid number>,anongid=<gid number>)

By default NFS uses dynamic ports which can cause issues when trying to configure the firewall on the CloudShark Appliance. Edit the file /etc/sysconfig/nfs to specify the ports that should be used so that firewall rules can be created to allow clients to connect using NFS. Set the following variables in this config file to specific ports. Here is an example but you may use different ports if necessary:

# Port rquotad should listen on.
RQUOTAD_PORT=875
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=2020

Now start the NFS server and configure it to be started when the CloudShark Appliance is turned on. This varies if you are using CentOS/RHEL 6 or 7. You can run the command cat /etc/redhat-release to determine your version.

CentOS/RHEL 6

# chkconfig rpcbind on
# chkconfig nfs on
# chkconfig nfslock on
# service rpcbind start
# service nfs start
# service nfslock start

CentOS/RHEL 7

# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl enable nfs-lock
# systemctl enable nfs-idmap
# systemctl start rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
# systemctl start nfs-idmap

Last make sure that the firewall on the CloudShark Appliance is configured to allow NFS access. If you chose the same ports in the /etc/sysconfig/nfs file above then you will need to configure the firewall to allow:

protocol/port
tcp/111
udp/111
tcp/892
udp/892
tcp/2049
udp/2049
tcp/32803
udp/32769

See our Firewall Configuration for more information on configuring the firewall on your CloudShark Appliance. If you chose different ports in the /etc/sysconfig/nfs file the command rcpinfo -p will list out all of the ports and protocols that you will need to allow through the firewall.

Once this is complete you can configure the directory /captures as an auto-import location. The next section will show you how to mount this directory and upload captures to be imported into CloudShark.

Mounting an NFS Shared Folder

OS X

On OSX in the Finder go to Go -> Connect to Server.

In the Server Address: field enter nfs://<CloudShark IP or Hostname>/captures then click Connect. You can also click the + to add it to your list of Favorite Servers.

Windows 78

The NFS Client for Windows 78 is included in the Enterprise edition but it is not installed by default. To install the client go to the Control Panel and select Programs. Then under Programs and Features click the link to Turn Windows features on or off. In the next window select Services for NFS and click *OK.

Now you can use the mount command in the Command Prompt to mount the NFS share on your CloudShark Appliance. For example:

mount \\<CloudShark IP or Hostname>\captures *

You can also open an Explorer window and browse to the share from there.

Linux

To mount the NFS share in Linux you can use the following command:

# mount <CloudShark IP or Hostname>:/captures <local directory to mount to>

To configure Linux to automatically mount this each time it is rebooted add the following line to your /etc/fstab file:

<CloudShark IP or Hostname>:/captures /<local directory to mount to> nfs auto 0 0

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: