CloudShark Support

Installing CloudShark on AWS

Really Really Quick Instructions

CloudShark can be installed on an AWS EC2 instance with EBS-backed storage. Choose a 64-bit RHEL or CentOS Linux AMI to start with, and allow access to TCP port 22 (ssh) and TCP port 443 (https) in the security group.

Log into the console of the server and install CloudShark by running:

sudo su -
bash <(curl get.cloudshark.org/aws)
cloudshark-admin --register --install-latest

Read on for the step-by-step walk-through.

Watch the setup video

If you’d like to follow-along with us, you can watch our step-by-step setup video for setting up a new EC2 instance for CloudShark on AWS.


Introduction

Amazon Web Services can be a fantastic way to get a virtual server running in a short amount of time.

Start off by logging into your AWS console , and selecting your region.

Setting Up a new EC2 instance

Choose an AMI

CloudShark installs on either RHEL or CentOS Linux. Versions 6.x or 7.x are both supported. The machine must be 64-bit however. For the purposes of this guide, we selected a Red Hat Enterprise Linux 7.1 AMI as the base for our installation. It is eligible for Amazon’s free-tier as well.

Select your desired AMI from the list of available images.

Instance Type

Choosing an instance type is a decision specific to your intended usage. If you are just doing a demo, CloudShark will run just fine on a t2.micro instance. However, for production installations with a heaver load, multiple users, and larger capture files, something bigger may be a better fit.

Please check our system requirements to see what instance types CloudShark supports running on and recommendations based on the number of users and typical capture size.

Instance Details

If you have details specific to your own AWS environment, you can set them in step 3. If you don’t know what any of these are, simply move to the next step.

Storage Options

CloudShark needs to store files on a persistent disk. Native storage on S3 is not currently supported. Disks are able to be resized after they have been created, but start with a good estimate of how much space you will need.

Tag Instance

Again, tags can be very specific to your environment. If you don’t use these, simply skip to the next step.

Security Group

CloudShark ships with a default self-signed SSL certificate and is set up to run on port 443. The only ports needed in this profile are SSH (22) and HTTPS.

If you would like to lock this down even further, you can specify a source address for connections. Be careful to include yourself in that source!

Review and Launch

Congratulations, you’ve made it through configuring your new EC2 instance. Go ahead and click that “Launch” button. You’ll be prompted to configure the SSH key that you will need to access the server.

SSH Key

Choose the SSH key you will use to connect into the new server. If you need to download the file, do so now.

DO NOT LOSE THIS KEY! If you do, it is very difficult to change it and get access to your server again.

Launch!

AWS will now create and launch your new EC2 instance. This process can take a couple of minutes.

Navigate back to the full list of instances to check the status of your new machine.

All Set

Back on your EC2 Dashboard you can see the status of your new instance. When it is running, it will be assigned a public DNS record as well as a public IP address. You will need that information in the next step.

The public DNS address can be found in the table next to your new instance.

Connecting To Your New Server

SSH as the ec2-user

If you are using Windows please see our knowledge base article on how to SSH to an AWS instance from Windows.

Use SSH to connect to the public DNS name of your new instance. You will need to provide the ssh key that was defined during the creation of the instance.

ssh -i key.pem ec2-user@ec2-XX-XX-XX-XX.compute-1.amazonaws.com

Note on SSH Key Permissions

SSH can be picky about file permissions on private keys. For Mac/Linux please run the command chmod 400 <keyfile> prior to using it.

Install CloudShark

Next we must become the root user to begin installing CloudShark. Run the command sudo su to become the root user.

Note that we need to run bash <(curl get.cloudshark.org/aws). The AWS part is very important. You will be asked for your CloudShark Lounge username and password after running this command.

Initial Bootstrapping Completed

If that all worked, you should see something similar to the below image.

Register and Install the Latest Version of CloudShark.

Run the command cloudshark-admin --install-latest --register to install the latest version of CloudShark and register your CloudShark license to this AWS EC2 instance.

Done!

That’s all there is to it! CloudShark is now running on your new AWS EC2 server.

Connecting via your web browser

Next open up your browser to browse to your CloudShark Appliance. You will have to use HTTPS to securely access CloudShark.

https://<Public DNS of your AWS EC2 Instance>

SSL Warning

Since CloudShark ships with its own self-signed certificate your web browser will not trust this and you will likely be presented with a warning similar to the one below:

Work-around

Typically you would not want to proceed after receiving this warning but since we know that we are using a self-signed certificate and that is why we are receiving this message you can while trialling CloudShark or setting up your CloudShark Appliance on AWS the first time. When actively deploying CloudShark please follow the instructions on our HTTPS support site to upload your own certificate and to learn more.

CloudShark is now fully installed.

Congratulations! You’ve now deployed CloudShark on an Amazon AWS EC2 instance. After giving yourself a quick pat on the back start uploading your capture files to CloudShark and enjoy analyzing these in the cloud!

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: