CloudShark 3.10 includes support for QUIC, DoH decryption, JA3/s, CommunityID, and more

November 16, 2022

QA Cafe is excited to announce the release of CloudShark 3.10! There are several powerful new features and improvements that we’re proud to offer the packet capture analysis community. In addition to running Wireshark 3.6.9 under the hood, here’s a quick look at some of the new stuff:

New protocol support

See some sample captures from our newly supported protocols!

CloudShark users can now dissect the QUIC protocol natively. With so much of the web moving to QUIC, this is a big need for application troubleshooting in particular. Along with that comes the ability to decrypt DNS over HTTPS (DoH) streams using an available keylog file. You can also now analyze pcapng files that include an embedded Decryption Secrets Block (DSB).

TCP processing also got some love in this release. Pcaps with very large TCP streams will open and display faster, out-of-order packets can be reassembled, and both raw and relative sequence numbers can be displayed together.

We’ve also made some improvements to our RTP and VoIP playback. Users can now listen to audio using the Opus codec, and the sound quality of the audio files has been improved.

Support for JA3/s and CommunityID hash flows

One of the things we believe is most important to the network, application, and cybersecurity analysis process is the ability to coordinate the information from multiple tools together, moving from summaries to packets to flow information with ease. It’s why we have tools like Suricata and Zeek built into CloudShark.

The analysis community believes this too, and there are a few standards out there that help this work by adding hashes to fingerprint TLS clients and TCP streams. These include the JA3 hash (by Salesforce) and CommunityID (by Corelight), both available as open-source standards. CloudShark can now act on this information to make this kind of seamless network analysis even easier.

Wireless networks refresh

We’ve rebuilt the WLAN Networks tool to better identify the security modes that networks of a given SSID are advertising in their Beacon and Probe packets. This also means support for WPA3 detection, the latest Wi-Fi security standard.

That’s a summary of the improvements in our latest version! You can read the full release notes here. 3.10 is now active for CloudShark Personal SaaS users, and CloudShark Enterprise customers can upgrade their systems at any time. Enjoy it, and let us know if you have any feedback!