CloudShark Plugin for Wireshark
By stretch | Thursday, February 2, 2012 at 3:15 a.m. UTC
The folks at QA Cafe premiered their impressive (and free) online CloudShark service in the summer of 2010. (If this is the first you've heard of it, stop reading now and go have a look.) Just recently they released a Wireshark plugin to make uploading capture files to the service even more convenient.
To install the plugin, you'll need a version of Wireshark built with Lua scripting support. See Help > About to check for Lua support in your version (look for "with Lua" in the "Compiled" paragraph).
    stretch@Sandbox ~/cloudshark-1.0-136 $ ./install-unix
    Starting installation of CloudShark plugin for WireShark
    Plugin will be installed into /home/stretch/.wireshark/plugins/cloudshark
    Installing default plugin configuration file.
    The CloudShark Plugin for Wireshark is now installed.
    Please restart Wireshark.
    Visit http://appliance.cloudshark.org for additional help
You may also need to edit /etc/wireshark/lua.init to enable Lua scripting depending on the version of Wireshark you have installed:
    -- Lua is disabled by default, comment out the following line to enable Lua support.
    --disable_lua = true; do return end;
To upload a completed capture, go to Tools > CloudShark > Upload. (If you don't see a CloudShark option under the Tools menu, either something went wrong with the installation or you don't have Lua support.)
While it is possible to upload a live capture, the CloudShark plugin user guide does warn that it may result in some packets not being included in the uploaded capture, depending on the rate at which packets are coming in. Depending on what filters are in place, you also risk re-capturing the traffic being uploaded.
You have the option to add some keywords and specify a custom file name for the upload.
Hit OK and your capture file is automatically uploaded to CloudShark. Upon success, your uploaded capture will be opened in a new browser window. The URL of the uploaded capture is also noted in the confirmation dialog.
Very handy indeed!
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
February 2, 2012 at 3:22 a.m. UTC
Hey, Jeremy - cloudshark.org - you have .com.
Great to see you writing, again!
February 2, 2012 at 3:24 a.m. UTC
Derp. Thanks for catching that.
February 13, 2012 at 4:58 a.m. UTC
How secure is this? What encryption does it use please?
February 13, 2012 at 9:07 p.m. UTC
The Wireshark plugin uses HTTPS to upload capture files to either cloudshark.org or your own private cloudshark appliance. The capture file is sent as POST with multipart/form-data.
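The upload format described in the last comment, as an added example that is not part of the original post or of the plugin's own code: it builds a multipart/form-data POST body around a capture file and parses it back the way a receiving server would, showing that the capture bytes travel verbatim inside the body, so confidentiality in transit rests entirely on the HTTPS layer. The form field names `file` and `tags`, the file name, and the tiny sample capture are assumptions constructed for illustration.

```python
import struct
import uuid
from email.parser import BytesParser
from email.policy import HTTP


def tiny_pcap() -> bytes:
    """Constructed sample: classic pcap global header plus one 4-byte packet."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = b"\xde\xad\xbe\xef"
    record = struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return global_hdr + record


def build_upload(capture: bytes, filename: str, tags: str):
    """Return (headers, body) for a multipart/form-data POST.

    The field names "file" and "tags" are assumptions, not the plugin's own.
    """
    boundary = uuid.uuid4().hex

    def part(disposition: str, content: bytes, ctype: str = "") -> bytes:
        head = f"--{boundary}\r\nContent-Disposition: form-data; {disposition}\r\n"
        if ctype:
            head += f"Content-Type: {ctype}\r\n"
        return head.encode() + b"\r\n" + content + b"\r\n"

    body = (
        part('name="tags"', tags.encode())
        + part(f'name="file"; filename="{filename}"', capture,
               "application/octet-stream")
        + f"--{boundary}--\r\n".encode()
    )
    headers = {
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "Content-Length": str(len(body)),
    }
    return headers, body


def parse_upload(headers: dict, body: bytes) -> dict:
    """Server-side view: recover each form field from the request body."""
    raw = f"Content-Type: {headers['Content-Type']}\r\n\r\n".encode() + body
    msg = BytesParser(policy=HTTP).parsebytes(raw)
    return {
        p.get_param("name", header="content-disposition"): p.get_payload(decode=True)
        for p in msg.iter_parts()
    }
```

Once the server has parsed the request it holds the full capture in the clear, so anything sensitive in the packets is exposed to whoever operates the receiving service, whether that is cloudshark.org or a private appliance.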