CloudShark 3.0.0

Release Type  Release Number  Release Date 
Original  CloudShark 3.0 July 11th, 2016 
Maintenance Release #1  CloudShark 3.0.1 July 27th, 2016 
Maintenance Release #2 CloudShark 3.0.2 August 19, 2016 

CloudShark 3.0 July 11th, 2016

We started talking about some of the features in this version over a year ago, and we’re really excited to finally release it to you. The biggest new feature in CloudShark 3.0 is DeepSearch — the first display-filter based packet capture search tool. We’ve added a DNS analysis tool to your arsenal, and made some major updates to the protocol engine, dissectors, and behind the scenes components.

As with each of our releases, we couldn’t have done it without the great ideas and feedback from our customers. As you start to use the new features in CloudShark 3.0 please let us know what you think!

— The CloudShark Team

New Features and Highlights

CloudShark DeepSearch

With CloudShark 3.0 we are taking a huge step forward and introducing a way to look inside your capture files and find files based on individual packets. We call it DeepSearch.

search screenshot

From the beginning, CloudShark has always made it easy to organize and store a large archive of your capture files. The advanced metadata filters made it easy to find a capture file whether it was from a certain time and date, user, encapsulation or file type, contained a particular annotation or was labeled with custom tags.

DeepSearch uses the same display filters that you use today, so there’s no need to learn a new complicated and incomplete query syntax. You can search through files to find packets that match a particular protocol, look for important host addresses, find fields with specific values, match packet data against regular expressions, and anything else you can describe with a display filter.

We think this is the next logical step for packet capture management, and are excited for you to check it out.

Learn more about DeepSearch.

DNS Analysis Tool

dns screenshot


DNS is the backbone of the internet. Often, when troubleshooting network issues, we find ourselves analyzing DNS. CloudShark 3.0 adds a new comprehensive DNS analysis tool that lets you explore the DNS requests, responses, errors, and timing information from a capture file.

The new DNS Activity tool lets you start from a high-level summary of the DNS response codes, and drill down to the individual packets. You can graph and compare response times from different servers, and see which servers are reporting errors. Then, use CloudShark’s sharing tools to pass that analysis off to the responsible team.

Read more about the new DNS Activity tool.+

TShark 2.0

CloudShark has been updated with the latest protocols and dissectors from the latest Wireshark 2.0 release. You can read the Wireshark release notes here.

New services configuration file

If you have an external database or caching cluster setup to run CloudShark at scale, we have improved the way those services are configured with CloudShark 3.0. This is the first step towards making a more modular system that can grow along with our customers’ needs.

Nothing needs to be done if you have configured a different database location — your previous settings will be migrated to the new services.conf file. If you are using the default local database, you won’t even notice the difference.

Upgrade Instructions

Users upgrading from CloudShark 2.8.x can run cloudshark-admin --install-latest as root to perform the upgrade.

Please read the upgrade instructions if you are upgrading from an older version of CloudShark.

Bug fixes and other changes

  • Expand table check-box target area to reduce accidental clicks
  • Read-Only captures are now available to be merged
  • Improve the Admin’s ability to search for users by partial names
  • Fix issue when trying to parse large XML payloads
  • Fix problem exporting graphs from Safari
  • Fix rendering bug with SIP Statistics charts
  • Improve logging and eliminate race condition within the AutoDelete script
  • Increase granularity to include hourly for the AutoDelete script Move capture index table options into the Preferences menu
  • Add the maxlength attribute on the Password login field (improves support for 1Password etc.)
  • Includes Redis 3.2 for DeepSearch Upgrade to Ruby 2.3

Maintenance Release #1 July 27th, 2016

CloudShark 3.0.1 addresses a couple of minor issues following the release of version 3.0.

New Annotations API parameter

The Annotations API has added a new optional parameter quiet to suppress output when adding a new annotation. CloudShark will return a successful 204 No Content HTTP response without the other annotations on the file.

Bug fixes and other changes

  • Upgrade the JSON parser to be consistent across tools
  • Improve access permissions and error messages for DeepSearches

Maintenance Release #2 August 19th, 2016

CloudShark 3.0.2 fixes a regression affecting the performance and handling of concurrent HTTP requests. We recommend that all customers who are on the 3.0 series upgrade to this version.

Other bug fixes and improvements

  • Resolve an issue when creating packet annotations in combination with display filters
  • Packet Lengths analysis tool should count packets larger than 5120 bytes
  • Upgrade graphing library to the latest release
  • Re-enable alternate tshark configurations