I just stumbled onto this site tonight. You can look at .pcap files in a web browser. I thought it was pretty cool in a pinch. asked 26 Oct '10, 23:54  Owen |
4 Answers:
Thanks for the opportunity to shed some light on why we created CloudShark.org. We original developed the browser based decode idea to work with our own product CDRouter developed by QA Cafe. Once we saw this working with CDRouter, it made sense to break this out into a stand alone site and CloudShark.org was born. I am not going to debate the security concerns of sending a capture file into the cloud. This does not make sense in many cases. The security issue is true of many cloud applications. But there are a number of situations where having a browser based solution is extremely helpful. Consider the following ... 1) Web sites that host example capture files can now integrate those capture files into the browsing experience. This makes the capture file more accessible to anyone browsing the site. This is great for education and training sites. Take a look at what PacketLife has done with their capture examples. http://packetlife.net/captures/ 2) Wireshark is not always available on every computing platform. For example, iPads, smart phones, etc. Even if Wireshark does support the OS, it may not be installed and you may not be allowed to install it. Consider a public terminal. In these situations, CloudShark is very helpful. 3) A CloudShark URL can point to a specific packet in a capture file and make linking very easy. This makes it easy to share a packet with a non-wireshark user. Most of the feedback we have received on CloudShark has been positive. Many security minded folks have pointed out the risk of sending capture files into the cloud. Certainly, CloudShark is not a complete replacement for running Wireshark locally. But the cloud concept does have merit to many situations where you need to look at a capture file. It is up to the user to decide when this is appropriate. answered 27 Oct '10, 06:56  cloudshark Thanks for giving us some insight into CloudShark.org. Appreciate your participation. (27 Oct '10, 12:15) lchappell ♦ A couple updates to this thread ...
(05 Nov '11, 09:44) joemc |
<opinion> Let's see... upload a trace file containing my company's communications to a "cloud" server... do my analysis there as opposed to doing it on my own system in the safety of my network... Uh... what exactly did I gain? A good friend sent me this quote and the source is unknown... perhaps someone can find it for me... "The Cloud is like sex in high school. Everyone is talking about it, few people doing it. None are good at it." I hate to "rain" on the cloud parade, but... reading the FAQ... "While the URLs to your decode session are not publicly shared, we make no claims that your data is not viewable by other CloudShark users. For now, if you want to protect sensitive data in your capture files, don't use CloudShark." No jabs at Cloudshark at all... they found an opportunity and it's an interesting one. What happens when you can't upload that corporate trace file someday to that site... take a trace of your upload to the cloud and... wait for the "cloud" to support that upload someday? After an interesting invitation to speak on cloud computing at TechEd 2010, I reveled in the opportunity to sit on a tech-savvy panel and address the issue of "you hate your ISP now, but you'll rely on them for your full corporate communication system...?" I defer to the brilliant likes of Guy Harris to speak to the Wireshark community on the advantages/disadvantages of using/analyzing in the cloud community... Guy? My quick thoughts here as I wrap up a long day of recording - could someone explain why it would be advantageous to upload a trace file to the "cloud" to analyze it rather than just run Wireshark and look at the packets? <opinion off> answered 27 Oct '10, 00:25  lchappell ♦ edited 27 Oct '10, 00:47 |
As pcap file gets uploaded to the site, there is no status or progress bar for the upload. So you have to run wireshark on your computer locally anyway to see if data is being sent :) answered 28 Oct '10, 07:42  net_tech |
I'm 100% in agreement with Laura. Why would I want to upload corporate information to the cloud, period? On a daily basis I defend my resolve not to depend on the cloud for certain types of information. I took notes at that TechEd2010 panel discussion. There were some great points made about the inability to analyze your own information once control has been passed to a cloud provider. As an information security and business continuity specialist, the last thing I want is to lose control of my organization's information. Not only do I want to know our information is tucked in safe and sound, but who is accessing it how and when. And I want to be able to prove that with proper analysis. answered 28 Oct '10, 09:03  Roberta Osmers |
Unable to load Capture: The file is too large to import. Please limit files to 512,000 bytes
Just to address the 512K limitation ... We recently rolled out a CloudShark update that increases the uploaded capture file size to 5 Megabytes.
http://beach.cloudshark.org/post/1464674390/cloudshark-november-updates
The update includes navigation sparklines and infinite scrolling.
Thanks for the link, it is a very interesting resource. I work with Cisco and I find it to be one more useful tool in my toolbox.
If somebody ever comes up with a way to embed packet captures on a web page similar to what I posted in my initial question, would be much appreciated.