User Guide

Capture File Index


The capture file index is the homepage for any logged-in CloudShark user. It shows all the capture files that are available to the user.

Each column header in the capture file index can be clicked to sort the list on that column. A second click will reverse the order of the column. If the number of capture files in the index spans multiple pages, additional navigational links will be displayed in the top right corner of the table, along with the total number of capture files in the index.

To view other pages, use the First, Previous, Next, and Last links in the index header, or click on a specific page number. The number of results displayed per page is 30 by default. This can be configured with a user preference.

Capture files can also be tagged, deleted, or shared directly from the capture file index page using the Add Tags, Delete, and Sharing buttons, if the current user has the appropriate privileges for the selected file(s). See the section on sharing captures for more information on the different sharing options that are available.

Clicking on any row in the capture file index will open that capture file in the decoder window for viewing, analysis, and annotation. Holding the CTRL key (COMMAND on Mac) while clicking a row will open the capture file in a new tab within the browser.

File Tags

Tags are short descriptive strings associated with capture files. A capture file can have up to 30 tags, comma delimited. Their use is restricted only by the imagination of the user; aggregation is one example. Dates, events, people, places, devices, even vague exclamations such as “weird!” are all viable tag names. How tags are most useful to you will likely become clearer as you begin using CloudShark regularly.

Tags can be added to capture files three different ways:

  • The Info icon/button: The Info icon is displayed to the left of every capture file as a blue circle with an “I” in it. Clicking the Info icon opens the file info pop-up which allows tags to be added or removed from the capture file. Note that the file info pop-up is also available from the decoder window when viewing capture files.

  • Add Tags button: Tags can be added to one or more capture files by selecting them from the capture file index and clicking on the Add Tags button. Note that tags cannot be removed from files using the Add Tags button.

  • Auto-Imports and API Tokens: Tags can also be automatically applied to capture files that are uploaded using the Auto-Import feature or API Tokens. Please see the section on importing files for more information.

When tags are applied to a file they will be displayed in the Tags column in the capture file index. Tags can also be used as criteria when searching for files.

CloudShark admin users also have a special page for bulk editing or removing tags system-wide. See the Admin Guide for more information.

Searching the Capture File Index

CloudShark includes an advanced search feature for drilling down and quickly finding specific capture files on the system.

CloudShark’s search feature allows multiple search filters to be applied to the capture file index. An individual search filter can be removed from the search list by clicking on the “X” in the top right corner of the filter box.

Likewise, favorite search filters can be pinned to the side of the captures index by clicking on the small pin icon. Pinned search filters are stored per user and will persist even when the user logs in from a different location.

The current search can be cleared entirely at any time by clicking the reset link. Pinned search filters will remain pinned if the reset link is clicked.

Available Search Fields

The following search filters are available:

  • File Name: Search for files with a specific text string in the filename. This is a useful way to find files uploaded by URL, since the URL is saved as the filename.

  • Username: Search for files owned by a specific user.

  • Group: Search for files associated with a specific group.

  • Sharing: Search for files based on various sharing attributes.

  • Comments & Annotations: Search for files that have comments or annotations, or search for files with comments that contain specific text strings.

  • Tagged With: Search for files with specific tags. Selecting Match Any will match captures with any of the specified tags. Selecting Match All will only match captures that have all of the specified tags.

  • Uploaded Date: Search for files uploaded between specific dates. For example, search for files uploaded within the past 7 days.

  • Upload Time: Search for files uploaded between specific times. For example, search for files uploaded between 12:00 AM and 1:00 AM.

  • Capture Date: Search for files containing packets that were captured on or between specific dates. For example, search for files containing packets captured within the past 7 days.

  • Capture Time: Search for files containing packets that were captured on or between specific times. For example, search for files containing packets captured between 12:00 AM and 1:00 AM.

  • Encapsulation: Search for files with packets containing specific encapsulations.

  • Type: Search for files of a certain type. This is most commonly libpcap.

  • File Size: Search for files of a certain size. This search filter allows exact size matching or comparative matching based on the size of the capture file, which is the data encapsulated in the packets plus the packet structures.

  • Data Size: Similar to the File Size search filter, this allows for searching based on the size of just the data encapsulated.

  • Duration: Search for files based on the duration of the captured session, in seconds. This search filter allows exact or comparative matching of the capture session duration.

  • Packets: Search for files based on the number of packets. This search filter allows exact or comparative matching of the number of packets.

  • Byte Rate: Search for files based on the average number of bytes transferred per second.

  • Bit Rate: Similar to the Byte Rate filter, but measured in bits.

  • Average Packet Size: Search for files based on the average packet size, in bytes.

  • Average Packet Rate: Search for files based on the average number of packets captured per second.

  • SHA-1 Hash: Search for files based on the SHA-1 Hash of the capture file.

Clicking the Search button after defining a search list will display all capture files that match the search criteria.
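
To know which values to enter in the size, rate, and SHA-1 Hash filters for a capture you hold locally, the same figures can be computed from the file itself. The following is an added example, not CloudShark code: it parses a classic libpcap file (not pcapng), and the field definitions it uses (for instance, Data Size as the sum of captured packet bytes) are assumptions that may differ from how CloudShark computes them. The sample capture is constructed inline.

```python
import hashlib
import struct

# Stored magic bytes -> (struct byte order, timestamp fraction divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),
}

def build_sample() -> bytes:
    """Constructed sample: little-endian libpcap file, three zero-filled packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [(1700000000, 0, 60), (1700000001, 500000, 100), (1700000002, 0, 140)]
    return hdr + b"".join(
        struct.pack("<IIII", s, us, n, n) + bytes(n) for s, us, n in pkts)

def capture_stats(data: bytes) -> dict:
    """Compute index-style metadata for a classic libpcap file held in memory."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file")
    order, frac = MAGICS[data[:4]]
    offset, packets, data_size, times = 24, 0, 0, []
    while offset + 16 <= len(data):
        sec, sub, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            break  # truncated final record: leave it out of the counts
        offset += 16 + incl_len
        packets += 1
        data_size += incl_len  # assumption: Data Size counts captured bytes
        times.append(sec + sub / frac)
    duration = max(times) - min(times) if times else 0.0
    rate = lambda v: v / duration if duration > 0 else 0.0
    return {
        "sha1": hashlib.sha1(data).hexdigest(),  # hash of the whole file
        "file_size": len(data),                  # packet data plus headers
        "data_size": data_size,
        "packets": packets,
        "duration": duration,                    # seconds, first to last packet
        "byte_rate": rate(data_size),
        "bit_rate": rate(data_size * 8),
        "avg_packet_size": data_size / packets if packets else 0.0,
        "avg_packet_rate": rate(packets),
    }

if __name__ == "__main__":
    for field, value in capture_stats(build_sample()).items():
        print(f"{field:16} {value}")
```

Comparing the locally computed SHA-1 with the one found through the SHA-1 Hash filter confirms that the uploaded capture is byte-for-byte the file you hold.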

Capture File Information

There is an info icon next to each file in the capture index. Clicking on this icon will open the Info pop-up box. This pop-up is also available when looking at a decode session by clicking on the Info button in the top right corner. The info pop-up box has four major sections:

  • File Info: Displays general information about the capture file. From here a user can also download the original capture file, delete the capture file, and view the capture file in the Decoder Window.

  • Tags: Displays any tags currently applied to the capture file. Tags can also be added or removed here by the owner of the file, admin users, or other group members (if read/write permission is enabled).

  • Comments & Annotations: Displays any comments and annotations currently applied to the capture file. Comments can also be added or removed here by the owner of the file, admin users, or other group members (if read/write permission is enabled).

  • Sharing: Displays various group access and guest access attributes of the file. These settings can only be modified by the owner of the file and admin users. See the Sharing Capture Files section for more information on these settings.