CloudShark 1.2 was released on August 3, 2011
CloudShark is the world’s premier network packet capture management tool, enabling users to easily upload, view, annotate, share, organize, and secure network capture files. The CloudShark appliance is a standalone version of the popular cloudshark.org service and provides a number of additional features and enhancements.
The CloudShark appliance utilizes a powerful database and includes an intuitive and easy to use web interface for administration, configuration, and general use. The CloudShark appliance is delivered either as a Linux-based Live CD which can be installed in a virtual machine or on bare metal, or comes pre-installed on PCA1000 hardware from QA Cafe.
Read below for a description of what’s new in version 1.2
Organize, share, and view capture files from any device with a web browser! CloudShark supports the Firefox 3.6+, Google Chrome, and Apple Safari 4+ web browsers, making it possible to manage capture file assets from a variety of devices including PCs, laptops, tablets, and smart-phones.
CloudShark’s decoder window is the primary interface for viewing capture files on the CloudShark appliance. The decoder window has been designed to be a powerful yet easy to use web interface for capture files, and should be familiar to anyone with experience working with capture files. The decoder window includes a number of features, allowing users to:
View capture files: users can apply display filters and zoom in on portions of the capture file using the navigation sliders.
Analyze and annotate individual packets: users can add annotations to individual packets within a capture file.
Download the original capture file: users can download the original capture file for use outside of the CloudShark appliance. This feature can also be disabled by CloudShark administrators.
View graphs of the capture file: graphs of bytes vs. time (with any display filters applied), relative amounts of TCP, UDP, and other traffic, displayed as bytes over time, and relative amounts of IPv4 and IPv6 traffic, displayed as bytes vs. time can be displayed.
Access information and statistics pertaining to the capture file: users can view the full capinfos output for each uploaded capture file.
CloudShark is compatible with all file types supported by Wireshark including .cap and .pcap, file types.
A user is a discrete entity that can log into CloudShark and own capture files. A capture file always is owned by a single user. Files cannot be orphaned - they are reassigned if a user is deleted. A set of users is called a group. Capture files can be assigned a single group, or no group. Users within the assigned group have more permissions than non group members, but have fewer permissions than the owner of the file. Admin users always have full permissions, regardless of ownership.
Users can belong to multiple groups. A user can assign a capture file to any group they are a member of. Admin users can also assign a capture file to any group. In either case, the owner of the file will retain their permissions and the group will inherit whichever permissions have been set by the owner or by the admin user.
Users must be logged in to upload and view capture files. By default guest access is disabled. Note that a guest is considered any visitor without a CloudShark user account. With guest access disabled, all users must log in to view or upload capture files.
Guests are allowed to view capture files that have been shared by CloudShark users. In this mode guests are not allowed to upload capture files.
Guests are allowed to upload capture files in addition to viewing capture files that have been shared by CloudShark users.
The CloudShark user model supports local authentication of users against CloudShark’s internal database or external authentication using common network directory information services such as LDAP, ActiveDirectory, or Kerberos. CloudShark also maintains group membership locally or accesses group membership information using the same network directory information services. Local and external authentication modes may be used simultaneously allowing some users to be local while others exist externally.
Files can be dragged from any modern operating system’s file explorer window right onto the Upload Files box on the CloudShark capture file index page.
Instead of dragging files into the “Upload Files” box, files can also be uploaded by clicking on the Drag and Drop box. This will open the browser’s file selector box, allowing you to navigate through the file system and select one or more capture files to upload.
Users can also paste the web URL of a capture file into CloudShark by clicking the Import from URL box. Files imported from a URL can be located anywhere the CloudShark appliance has network access to, including the Internet and other local or remote networks.
Files can also be imported using the Auto-Import feature. This feature allows specific directories on the system to be monitored by the CloudShark appliance. Any capture files placed in these directories will be automatically processed and imported using the settings specified by the CloudShark administrator.
CloudShark users can choose to share their capture files with group members (with read only or read-write permissions) and make them public. Users can share their capture files by copying and pasting the URL for a particular capture file into emails, trouble tickets, forum posts, chats, etc..
Tags are descriptive text strings that are associated with capture files. Tags are useful for organizing capture files and highlighting specific characteristics.
Comments can be applied to capture files and are meant to be a high level description of the entire file.
Annotations are essentially comments applied to individual packets within a capture file. Users can insert annotations to highlight a specific packet or describe a sequence of events in a capture file. Like comments, annotations can also be used as search criteria when searching for files in the capture index. The search feature allows users to search for files that either contain or do not contain annotations. Annotations support the MarkDown markup language, which allows for rich formatting and the ability to embed links.
CloudShark includes a number of different filtering, sorting, and search criteria which can be useful for finding specific capture files.
The CloudShark appliance can be configured for HTTP or HTTPS access with user supplied certificates.
The CloudShark appliance includes detailed activity logs and log filters which can be useful for tracking users and events on the system.