The CloudShark Administrator Guide is for administering CloudShark. This includes its deployment, configuration, upgrades, and access. If you want to use CloudShark, you should instead visit our User Guide.
We publish a Quick Start guide for Linux administrators installing CloudShark. Some customers prefer a complete solution, and our PCA1000 appliance is a hardware platform with CloudShark pre-installed.
Upgrading CloudShark is generally a single command.
Please ensure your users are using a compatible browser.
If your CloudShark installation is offline, it is still possible to Install CloudShark Offline with a few extra steps. The license must be installed manually and a specific OS DVD-ISO must be mounted for installing several extra OS packages.
As a client, CloudShark can use a Proxy for its OS updates and also its packet capture acquisition.
CloudShark is Reverse Proxy compatible: it can be proxied by another middleware server so long as it is configured on a root URL.
As with any system, we recommend backups as regularly as your own policies require.
Please take an opportunity to become familiar with the CloudShark Administrator Menu when you have a moment. CloudShark’s default configuration is to use IPv4 and unencrypted HTTP, but IPv6 and HTTPS are both fully supported.
Each CloudShark user is generally given their own account. This keeps capture file assets separate, allowing individuals to analyze data on their own and bring it back to the team with new results. Some company security policies require separate user accounts. CloudShark has a versatile authentication model compatible with the requirements of most policies. To configure local users, please refer to Users and Groups. For external users, refer to External Authentication to configure this with an LDAP, Active Directory, or Single Sign-On server.
CloudShark stores all of the RSA keys used for decoding capture files with TLS/SSL traffic in a private data store available to only the Administrator. Users are granted a token that represents access to the key, so that users can decrypt traffic but never observe the key itself. RSA Key Management demonstrates this process in full.
CloudShark users can bring Wireshark preferences or display filter macros into CloudShark. Use of preferences or macros impacts all CloudShark users system-wide. To configure Wireshark preferences, please refer to decode options. To configure display filter macros, please refer to Display Filter Macros.
Network name resolution is disabled by default in CloudShark. To configure name resolution, please refer to DNS Resolution in CloudShark.
Kerberos traffic may be decrypted by supplying a Kerberos keytab file. To configure Kerberos decryption, please refer to Kerberos Decryption in CloudShark.
We recommend some Best Practices for running CloudShark in production.
The CloudShark API allows integration with other systems using an API token key as the user assignment/authentication mechanism. With this API, many organizations have integrated CloudShark into their processes. One very popular scenario that we have detailed is Integrating CloudShark with Cisco IOS.
We publish a Wireshark Plugin for Wireshark users that want to upload their live capture files directly into CloudShark. This requires the Administrator to establish an API token key, which is then configured in the Wireshark plugin editor.