CloudShark Plugin for Wireshark

By stretch | Thursday, February 2, 2012 at 3:15 a.m. UTC

The folks at QA Cafe premiered their impressive (and free) online CloudShark service in the summer of 2010. (If this is the first you've heard of it, stop reading now and go have a look.) Just recently they released a Wireshark plugin to make uploading capture files to the service even more convenient.

Installation

To install the plugin, you'll need a version of Wireshark built with Lua scripting support. See Help > About to check for Lua support in your version (look for "with Lua" in the "Compiled" paragraph).

The plugin is available here for Windows, Mac, and Linux. The simple installation procedure for the Linux version is below. Consult the user guide for additional support.

stretch@Sandbox ~/cloudshark-1.0-136 $ ./install-unix
Starting installation of CloudShark plugin for WireShark

Plugin will be installed into /home/stretch/.wireshark/plugins/cloudshark
Installing default plugin configuration file.
The CloudShark Plugin for Wireshark is now installed.
Please restart Wireshark.

Visit http://appliance.cloudshark.org for additional help

You may also need to edit /etc/wireshark/lua.init to enable Lua scripting depending on the version of Wireshark you have installed:

-- Lua is disabled by default, comment out the following line to enable Lua support.
--disable_lua = true; do return end;
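A pre-flight check for the two prerequisites above (a build "with Lua" and an init file that does not disable Lua), as an added example that is not part of the original post or the CloudShark plugin. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the Lua prerequisites before installing a Lua plugin.

# has_lua_build TEXT: succeed if version text (the Help > About "Compiled"
# paragraph, or the output of `tshark -v`) reports a build "with Lua".
# A build "without Lua" does not match.
has_lua_build() {
    printf '%s\n' "$1" | grep -q 'with Lua'
}

# lua_init_state FILE: print "disabled" if an uncommented
# `disable_lua = true` is present, "enabled" if it is absent or commented
# out, and "unreadable" if the file cannot be read.
# Limitation: only `--` line comments are stripped, not --[[ ]] blocks.
lua_init_state() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    if sed 's/--.*$//' "$1" |
        grep -Eq '^[[:space:]]*disable_lua[[:space:]]*=[[:space:]]*true'; then
        echo disabled
        return 1
    fi
    echo enabled
}

# Demonstration on constructed sample inputs (not taken from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'disable_lua = true; do return end;' > "$dir/off.lua"
    printf '%s\n' '--disable_lua = true; do return end;' > "$dir/on.lua"
    echo "off.lua: $(lua_init_state "$dir/off.lua")"
    echo "on.lua:  $(lua_init_state "$dir/on.lua")"
    has_lua_build 'Compiled with GTK+ 2.24.4, with Lua 5.1, without Python' &&
        echo "sample build: Lua support present"
    rm -rf "$dir"
}

demo
```

On a real system, call `lua_init_state` with the init file path named above and `has_lua_build "$(tshark -v)"`, assuming tshark is installed alongside Wireshark.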

Uploading

To upload a completed capture, go to Tools > CloudShark > Upload. (If you don't see a CloudShark option under the Tools menu, either something went wrong with the installation or you don't have Lua support.)

cloudshark_upload.png

While it is possible to upload a live capture, the CloudShark plugin user guide warns that some packets may be missing from the uploaded capture, depending on the rate at which packets are coming in. Depending on what filters are in place, you also risk re-capturing the traffic being uploaded.

You have the option to add some keywords and specify a custom file name for the upload.

cloudshark_upload_options.png

Hit OK and your capture file is automatically uploaded to CloudShark. Upon success, your uploaded capture will be opened in a new browser window. The URL of the uploaded capture is also noted in the confirmation dialog.

cloudshark_upload_success.png

Very handy indeed!

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.


Comments


CarlOS (guest)
February 2, 2012 at 3:22 a.m. UTC

Hey, Jeremy - cloudshark.org - you have .com.

Great to see you writing, again!


stretch
February 2, 2012 at 3:24 a.m. UTC

Derp. Thanks for catching that.


Jolyon (guest)
February 13, 2012 at 4:58 a.m. UTC

Hi,

How secure is this? What encryption does it use, please?

J.


CloudShark (guest)
February 13, 2012 at 9:07 p.m. UTC

The Wireshark plugin uses HTTPS to upload capture files to either cloudshark.org or your own private CloudShark appliance. The capture file is sent as a POST with multipart/form-data.
