CloudShark Support

CloudShark 3.5

Release Type Release Number Release Date
Original CloudShark 3.5 July 11th, 2018
Hosted-only Maintenance Release #1 CloudShark 3.5.1 August, 2018
Maintenance Release #2 CloudShark 3.5.2 September 12th, 2018

CloudShark 3.5 July 11th, 2018


It’s summer here in New England and the CloudShark team is back from Sharkfest ‘18 which was held in Mountain View, CA at the Computer History Museum over the last week in June. We met a bunch of great people, all packet enthusiasts like ourselves. It was a great time.

Our latest Enterprise release comes with an updated TShark engine under the hood, and some general improvements to the CloudShark internals as well.

— CloudShark

New Features and Highlights

Wireshark 2.6.1

Wireshark 2.6 is running under the hood of CloudShark 3.5. There are so many improvements and additions that it’s worth taking a look through their release notes.

A few display filter changes to note:

  • The “matches” display filter operator is now case-insensitive.
  • The membership operator now supports ranges, allowing display filters such as tcp.port in {4430..4434} to be expressed.
System-wide Preferences

If you have additional custom preferences, color rules, macros, or other custom preferences saved in your ~/.wireshark directory, you will need to migrate those to the new ~/.config/wireshark/ path.

Enable/Disable Protocols

There are so many times that debugging an issue at one protocol is cluttered up by upper layer protocols for the same packet. This happens a lot when debugging TCP issues on an HTTP conversation.

The Custom Protocol Preferences dialog added in the previous release has been expanded to include Protocol Toggles. These are fields that let you toggle protocols on and off depending on what you’re analyzing. The settings stick with the file as you share it as well.

It is now possible to disable HTTP for a single capture file at a time in order to quiet down the HTTP protocol information from overwhelming your TCP analysis.

Here’s an example of a TCP conversation with the HTTP analysis layer turned off!

Other Improvements

Less-strict autoimport directory permissions

Autoimport directories now only require that the cloudshark system user have READ access to the files contained within them. This helps keep separation between the system users and a user account that is able to place files in those directories.

This should be completely transparent to existing autoimport locations. If you have any questions about this change, please contact support.

Bug fixes and other changes

  • Add stand-alone Threat Summary window (Threat Assessment Add-on)
  • Removed support for OGG-format VoIP calls / RTP streams.
  • Fix issue with installer not respecting ENV[HOME]
  • Migrate internal Wireshark preferences from ~/.wireshark to ~/.config/wireshark
  • New locations for the nginx error_log and access_log
  • Upgrade included Redis version to 3.2.12
  • Loosened version requirement for external Redis to 3.2.x (AWS)
  • Fixed a bug when an SSL Keylog and customer protocol preferences were set at the same time

Upgrade Instructions

Enterprise customers upgrading from a version as old as CloudShark 2.8.x can run the following as root to perform the upgrade:

cloudshark-admin --install-latest

Please read the upgrade instructions if you are upgrading from an older version of CloudShark.

CloudShark Hosted

If you are a CloudShark Hosted customer accessing through https://www.cloudshark.org, the system has already been upgraded and is running now!

CloudShark 3.5.2 Sept. 12th, 2018


CloudShark 3.5.2 is a maintenance release to update some internal components and apply some minor bug fixes. We recommend upgrading to get the latest dissectors and protocol support.

New Features

Decrypt TLS 1.3 Traffic

OpenSSL 1.1.1 was released recently and features support for TLSv1.3. This protocol was officially published by the IETF over the summer.

We’re excited that this version of CloudShark is able to decrypt TLSv1.3 traffic. We have a sample capture here that was created with the new OpenSSL 1.1.1 client and server showing the decrypted traffic.

We are planning a blog post that goes more in-depth about this feature. Subscribe to our newsletter so you’ll be in the loop when that is published.

Additional Updates

New TCP Flags column-preset

The CloudShark Custom Columns dialog box lets you configure specific columns on a per-capture or per-user basis. Whenever you set some columns, you can choose to keep these columns for anyone that looks at that capture.

We’re always evaluating the best techniques for analysis, and a column we found helpful to add to the list is “TCP Flags”. Check out this capture to see what the new column looks like in action.

Improved layout for long file names

Thanks to feedback from one of our customers, we’ve been able to improve the layout of the decode view when looking at a capture file with a very long name. The file name will be truncated, but if you can make your browser wide enough, should reappear. Additionally, hovering over the name with your mouse will show you the full filename.

Check it out on this really long name.

Additional Bugfixes and Updates

  • Resolved a rare issue that could cause the system-id to flip on reboot. If this affects you please contact support@cloudshark.org to resolve it.
  • The current CLOUDSHARK_USER is now available from the Linux environment when fetching captures by URL.
  • Improves the layout of the Conversations window for captures without certain conversations.
  • Upgrades to the latest release of Suricata 4.x for the Threat Assessment Addon.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: