CloudShark Support

Administrator Guide

The CloudShark Administrator Guide is for administering CloudShark. This includes its deployment, configuration, upgrades, and access. If you want to use CloudShark, you should instead visit our User Guide.

Installing and Upgrading CloudShark

We publish a Quick Start guide for Linux administrators installing CloudShark. Some customers prefer a complete solution, and our PCA1000 appliance is a hardware platform with CloudShark pre-installed.

Upgrading CloudShark is generally a single command.

Please ensure your users are using a compatible browser.

If your CloudShark installation is offline, it is still possible to Install CloudShark Offline with a few extra steps. The license must be installed manually and a specific OS DVD-ISO must be mounted for installing several extra OS packages.

As a client, CloudShark can use a Proxy for its OS updates and also its packet capture acquisition.

CloudShark is Reverse Proxy compatible - this means it can be proxied by another middleware server so long as it is configured on a root URL.

Like any system, we recommend backups as regularly as your own policies require.

Configuring CloudShark

Network and Server Settings

Please take an opportunity to become familiar with the CloudShark Administrator Menu when you have a moment. CloudShark’s default configuration is to use IPv4 and unencrypted HTTP, but IPv6 and HTTPS are both fully supported.

Authentication (Users and Groups)

Each CloudShark user is generally given their own account. This keeps capture file assets separate, allowing individuals to analyze data on their own and bring it back to the team with new results. Some company security policies require separate user accounts. CloudShark has a versatile authentication model compatible with the requirements of most policies. To configure local users, please refer to Users and Groups. For external users refer to External Authentication to configure this with either an LDAP, Active Directory, or Single Sign-On server.

RSA Key Management (for decoding capture files)

CloudShark stores all of the RSA keys used for decoding capture files with TLS/SSL traffic in a private data store available to only the Administrator. Users are granted a token that represents access to the key, so that users can decrypt traffic but never observe the key itself. RSA Key Management demonstrates this process in full.

Using Wireshark Preferences and Macros

CloudShark users can bring Wireshark preferences or display filter macros into CloudShark. Use of preferences or macros impacts all CloudShark users system wide. To configure Wireshark preferences, please refer to decode options. To configure display filter macros, please refer to Display Filter Macros

Name Resolution

Network name resolution is disabled by default in CloudShark. To configure name resolution, please refer to DNS Resolution in CloudShark.

Kerberos Decryption

Kerberos traffic may be decrypted by supplying a kerberos keytab file. To configure kerberos decryption, please refer to Kerberos Decryption in CloudShark.

Best Practices

We recommend some Best Practices for running CloudShark in production.

Integrating CloudShark

API Access

The CloudShark API allows integration with other systems using an API token key as the user assignment/authentication mechanism. With this API, many organizations have integrated CloudShark into their processes. One very popular scenario that we have detailed is Integrating CloudShark with Cisco IOS.

Wireshark Plugin

We publish a Wireshark Plugin for Wireshark users that want to upload their live capture files directly into CloudShark. This requires the Administrator to establish an API token key, which is then configured in the Wireshark plugin editor.

About CloudShark Appliance

CloudShark Appliance is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: