CloudShark 1.4.0

Original release: CloudShark 1.4 Build 906, March 27, 2012 This release requires version 1.29 of the CloudShark Tools package

New Features and Highlights

  • Enhanced CloudShark Graphs analysis tool

The Bandwidth Graphs analysis tool originally included in release 1.3 has been renamed CloudShark Graphs and updated with a number of significant enhancements. The new CloudShark Graphs tool allows users to create and save multiple graphs for each capture file. Graphs now support interactive zooming and the ability to customize the data series that are shown using standard display filters. In addition, each data series can be independently displayed using any of the five built-in graph types: area, line, column, spline, or areaspline.

  • New Decode Protocol As analysis tool

The new Decode Protocol As analysis tool allows users to define custom rules for decoding protocols running on non-default ports. Up to five unique and persistent custom protocol decode rules can be defined for each capture file. This tool is fantastic for automatically decoding scenarios such as HTTP/HTTPS sessions that may be running on ports other than the standard ports 80 and 443.

  • New API calls

Version 1 of CloudShark’s API has been updated with four new calls: the info call, the annotations call, the delete call, and the download call. These new calls give API users greater flexibility and more control over the capture file assets on a CloudShark system.

  • New CloudShark Enterprise version

CloudShark is now available in two versions - the base version, referred to as CloudShark Appliance, and a new version referred to as CloudShark Enterprise CloudShark Enterprise builds upon CloudShark Appliance by including three additional enterprise specific features: external user authentication, custom dissectors, and clustering support. All existing CloudShark users will be upgraded to CloudShark Enterprise at no additional cost.

  • Support for custom dissectors

CloudShark Enterprise can be configured to use custom builds of Wireshark that are compiled with your organization’s own proprietary protocol dissectors. For more information on configuring CloudShark Enterprise with custom dissector support and to obtain a development environment kit, please contact

  • Improvements when applying display filters

The URL of the decode session is now kept in-sync with any display filters that are applied to the capture file. This makes it easier to share sessions with filters by simply copying the URL.

  • Enhanced VoIP Calls analysis tool

Individual packets within the call flow view can now be clicked, which opens a dialog box displaying a decode of the associated packet. The visual display of calls in the call flow view has also been improved.

  • Colorization is now enabled by default

Packet colorization in the decode window is now enabled by default. Colorization settings can be modified on a per user basis in the new Custom Settings window.

  • User preferences can now be saved

Within the analysis tools window there is a new Custom Settings window. This window allows preferences to be set on a per-user basis. Two preferences are currently available: Show annotations when capture loads, and Colorize packet summary list. These preferences will be applied to every capture viewed by the associated user.

  • General performance improvements

A number of changes have been made ‘under the hood’ in this release to improve CloudShark’s speed and overall performance.

  • Nginx security update

CloudShark has been updated with nginx-1.0.14 which addresses a March 2012 security vulnerability.

  • Better browser detection

CloudShark now includes reminders that only Chrome, Firefox, and Safari are supported.

  • User input is now more strictly validated

CloudShark now performs a higher level of validation on all user input. This change was incorporated to resolve a shell injection vulnerability that was identified in early versions of CloudShark 1.3.

  • Upload to CloudShark from Cisco IOS Devices

CloudShark now supports uploads directly from Cisco IOS devices. See this post for more information.

Known Issues

  • The overall upload progress bar does not work in Google’s Chrome web browser.