| Release Type | Release Number | Release Date |
| --- | --- | --- |
| Original | CloudShark 2.5.2754 | March 17, 2015 |
| Maintenance Release #1 | CloudShark 2.5.2756 | March 19, 2015 |
| Maintenance Release #2 | CloudShark 2.5.2772 | March 25, 2015 |
| Maintenance Release #3 | CloudShark 2.5.2800 | April 21, 2015 |
CloudShark 2.5 is here!
It’s been a long cold winter here in the Northeast United States, and we are so happy to start seeing signs of Spring. Since we’ve been stuck inside the last few months, we’ve been hard at work on a bunch of new features and improvements to CloudShark. It’s quite a list, and we’re proud of this latest release!
— The CloudShark Team
Need to know who’s sending the most traffic in a capture? Receiving the most? CloudShark now includes a new Endpoints tool that lets you look at the packet and byte counts for your top IPv4, IPv6, Ethernet, and TCP/UDP endpoints. Sort on any field, and share the URL. Click on a row to filter your capture file down to just what you’re looking for.
As an addition to the Endpoints tool, CloudShark 2.5 includes the MaxMind GeoLite databases for City, Country, and ISP. This allows CloudShark to map IP addresses in your captures to locations in the world. Even better, locations are display filter compatible so you can link to them just like any other filter.
CloudShark’s HTTP Analysis tool has been dusted off and given a little bit of a facelift. It’s now much easier to perform all the available HTTP analysis from within the default dialog box. This has also given us space to include a link to the new HTTP Object Forensics:
Ever have a trace and need to view the pages, images, and other files that had been transferred via HTTP? CloudShark can now export HTTP objects from inside of capture files. Preview documents, scripts, images, videos and audio right in your browser – or download any captured asset to your local machine for further analysis.
With more and more web traffic being encrypted, it becomes necessary to decrypt the data before performing any analysis at the application layer. CloudShark 2.5 now lets you specify a client keylog file containing the session-id and master key for encrypted traffic. With that information, it is possible to decrypt that traffic from the client’s point of view without the need for the server’s private key!
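A pre-upload check for such a keylog file, as an added example that is not CloudShark's own code. It assumes the file follows the NSS key log text format that Wireshark reads (`RSA Session-ID:... Master-Key:...` and `CLIENT_RANDOM ...` lines); the function name and the sample lines are constructed for illustration.

```python
import re

# Line shapes from the NSS key log text format that Wireshark reads
# (an assumption here; the page does not spell out the accepted syntax).
PATTERNS = {
    # TLS session ID (up to 32 bytes) paired with the 48-byte master secret
    "session_id": re.compile(r"^RSA Session-ID:([0-9a-f]{2,64}) Master-Key:([0-9a-f]{96})$", re.I),
    # 32-byte ClientHello random paired with the 48-byte master secret
    "client_random": re.compile(r"^CLIENT_RANDOM ([0-9a-f]{64}) ([0-9a-f]{96})$", re.I),
}

def check_keylog(text):
    """Return (entries, problems) for keylog text.
    entries: (kind, identifier_hex) per usable session; secrets are never returned.
    problems: (line_number, reason) for each line that cannot be used."""
    entries, problems, seen = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                break
        else:
            problems.append((n, "unrecognized or malformed line"))
            continue
        ident, secret = m.group(1).lower(), m.group(2).lower()
        if len(ident) % 2:
            problems.append((n, "odd-length hex identifier"))
        elif seen.get((kind, ident), secret) != secret:
            problems.append((n, "conflicting master key for the same session"))
        elif (kind, ident) not in seen:
            seen[(kind, ident)] = secret
            entries.append((kind, ident))
    return entries, problems

# Constructed sample input, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "RSA Session-ID:" + "ab" * 32 + " Master-Key:" + "11" * 48,
    "CLIENT_RANDOM " + "cd" * 32 + " " + "22" * 48,
    "CLIENT_RANDOM " + "cd" * 32 + " " + "22" * 47,  # master key one byte short
    "RSA Session-ID:" + "ab" * 32 + " Master-Key:" + "33" * 48,  # conflicts with line 2
])

if __name__ == "__main__":
    print(check_keylog(SAMPLE))
```

The check reports only session identifiers and line numbers, so its output can be shared while troubleshooting without exposing the master keys.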
Getting SSL decryption to work can be a tedious process of exporting keys, converting them into the right format, importing them into CloudShark, and configuring them on captures. Finding problems in this kind of setup can be difficult.
CloudShark 2.5 gives the Administrator the ability to generate an SSL debug log to assist in debugging the setup and configuration of decryption rules and keys.
Wireless traffic is also often hard to analyze because of encryption. This release adds the ability to specify a WPA passphrase or pre-shared key to decrypt 802.11 frames contained within a capture.
Behind the scenes, CloudShark leverages the powerful decode engine in tshark. There are a multitude of preferences and options for controlling how packets and protocols are decoded. The preferences file that manages these options is now easy to edit from within CloudShark’s web interface. Administrators can find the button at the bottom of the Settings page.
CloudShark 2.5 includes Wireshark 1.12.4. This version of Wireshark provides several bug fixes and updates support for multiple protocols.
Read the upgrade instructions for information on obtaining the latest version of CloudShark.
CloudShark 2.5 should be upgraded by running the following command as root:
bash <(curl -s get.cloudshark.org/upgrade2.5)
This resolves an issue affecting older installations that do not have the latest repository configuration on their machines. There are no other changes.
We recommend all users upgrade to this latest build of CloudShark 2.5 to eliminate any lingering issues with the repository and cloudshark-admin command.
/home/cloudsharkdirectory will be reset to
CloudShark now lets you add a sparkline Bandwidth graph to your Capture index. Useful for quickly scanning a set of capture files for spikes, dropouts, or other interesting bandwidth behavior. Click on “Table Options” and drag the “Bandwidth” column into place.
A small version of the bandwidth graph will be added to your table.
Fixed an issue when loading capture files via URL through the VIEW or OPEN API calls. These URLs were being escaped an extra time within CloudShark, leading to issues for some parameters.
Increased the external-authentication timeout for AD/LDAP users to 55 seconds. This helps some users who were having trouble with slow logins. If you are experiencing problems with delayed logins, please read our updated external authentication guide.