CloudShark 3.1.0

Release Type            Release Number     Release Date
Original                CloudShark 3.1     October 6th, 2016
Maintenance Release #1  CloudShark 3.1.1   October 20th, 2016
Maintenance Release #2  CloudShark 3.1.2   October 27th, 2016
Maintenance Release #3  CloudShark 3.1.3   November 2nd, 2017
Maintenance Release #4  CloudShark 3.1.4   November 17th, 2016
Maintenance Release #5  CloudShark 3.1.5   December 5th, 2016

CloudShark 3.1 October 6th, 2016

CloudShark 3.1 enhances the Ladder Diagram tool, adds Merging functionality to the API and fixes some system-usage things under the hood. You’ll see less memory usage, and fewer open file handles if you’re into that kind of thing.

If you’ve been waiting to upgrade to the 3.x series with DeepSearch, now is your chance!

— The CloudShark Team

New Features and Highlights

Ladder Diagram Endpoints

The Ladder Diagram analysis tool can now show different kinds of endpoints as nodes. You can choose between the default source/destination fields, use hardware addresses or network addresses only, or show an endpoint for each TCP or UDP stream.

Here’s an example of the new endpoints being used to visualize both the LAN side and the WAN side of a home gateway:

LAN and WAN networks

In this example we can see a client getting an address using DHCP and then requesting a website over HTTP. Since we are using the hardware address as the endpoints we can click on the TCP traffic to see the home gateway performing NAT on the packets the client sends.

Read more about the Ladder Diagram tool.

Merge via the API

CloudShark can now merge multiple capture files together into a single new file via the API. Documentation is available in our API Guide.

URL fetching with curl

CloudShark has always had the ability to import a capture file directly by URL. Prior to this release we were retrieving the file from inside the CloudShark application. This required us to read the entire download into memory, as well as handle any custom options in our code. CloudShark now uses the system standard curl tool to fetch files.

More information on configuring custom curl options can be found in the documentation.

An important note about redirects: The upgrade to curl has had one significant change - CloudShark will no longer follow redirects when fetching a capture file by URL by default. Blindly following redirects was not the most secure practice. If you would like to re-enable following redirects, please see our documentation on custom curl options.

Fix for open FIFO pipes

CloudShark 3.1 fixes a problem where some system-level FIFO pipes weren’t being closed or cleaned up fast enough, leading to a “Too many open files” error message and crash in some instances. These pipes are being closed immediately after use now and will no longer cause this error.

Bug fixes and other changes

  • Fixed an issue extracting and merging files that had truncated packets
  • Improved the display and layout of very long annotations
  • Upgraded Highcharts to the latest version
  • Added activity log entries for DeepSearch usage and VoIP playback
  • The SAML Issuer-ID field can now be configured by the Admin
  • The DELETE method in the API should only respond to POSTs

Upgrade Instructions

Users upgrading from CloudShark 2.8.x can run cloudshark-admin --install-latest as root to perform the upgrade.

Please read the upgrade instructions if you are upgrading from an older version of CloudShark.

Maintenance Release #1 October 20th, 2016

CloudShark 3.1.1 reduces memory usage and improves performance in certain circumstances. We’ve also resolved a couple minor bugs that have surfaced since 3.1.0.

New: Direct links to DNS Analysis panes

The DNS analysis tool now updates the current URL as you click around, making it even easier to share the page that you were looking at.

Bug fixes and other changes

  • Improve load time and memory usage for capture archives with over 10,000 unique tags
  • Reduce memory load when using the ladder diagram analysis tool
  • Fix error message when trying to change the file name of a capture that had been imported by URL

Maintenance Release #2 October 27th, 2016

This was a minor maintenance release for the service only. There were no changes made to CloudShark Enterprise.

Maintenance Release #3 November 2nd, 2016

Bug fixes and other changes

  • Resolved issue listening to VoIP/RTP calls when not logged in
  • Resolved error preventing guests from downloading HTTP Objects
  • Fixed incorrect annotation word-wrap behavior
  • Removed a deprecation warning from the cloudshark-admin tool

Maintenance Release #4 November 17th, 2016

CloudShark 3.1.4 introduces some new configuration options, and generally improves the security, memory usage, and performance of CloudShark. If you have a lot of annotations on your packets, this release will make you smile.

Fetch by URL configuration settings

New in version 3.1.4 is a configuration section for the Fetch by URL feature. Administrators can now decide if the feature is enabled at all, and which protocols are safe to allow. The default configuration is limited to http and https only. Please see our custom curl documentation for additional options.
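
The fetch policy described in these notes (curl does the download, redirects are off by default, and only http and https are allowed) can be sketched as a small wrapper. This is an added example, not CloudShark's code or configuration: the names ALLOWED_PROTOS, FOLLOW_REDIRECTS, scheme_allowed and build_fetch_cmd are hypothetical, and the function prints the curl command line instead of running it.

```shell
#!/bin/sh
# Hypothetical settings (assumed names, not CloudShark's real configuration keys).
ALLOWED_PROTOS="${ALLOWED_PROTOS:-http,https}"
FOLLOW_REDIRECTS="${FOLLOW_REDIRECTS:-no}"

# Return 0 only if the URL has a well-formed scheme that is on the allowlist.
scheme_allowed() {
    case $1 in
        *://*) scheme=${1%%://*} ;;
        *) return 1 ;;                      # no scheme at all: refuse
    esac
    scheme=$(printf '%s' "$scheme" | tr 'A-Z' 'a-z')
    case $scheme in
        ''|*[!a-z0-9+.-]*) return 1 ;;      # stops "http,https://" matching the list
    esac
    case ",$ALLOWED_PROTOS," in
        *",$scheme,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the curl command that would fetch URL ($1) into the file OUT ($2).
build_fetch_cmd() {
    url=$1
    out=$2
    if ! scheme_allowed "$url"; then
        echo "refused: scheme not in allowlist ($ALLOWED_PROTOS)" >&2
        return 1
    fi
    # --proto "=list" makes curl itself refuse every other protocol, and
    # --output streams the body to disk instead of holding it in memory.
    set -- curl --silent --show-error --fail --max-time 60 \
        --proto "=$ALLOWED_PROTOS" --output "$out"
    if [ "$FOLLOW_REDIRECTS" = yes ]; then
        # Opt-in only: cap the hops and keep redirect targets on the allowlist.
        set -- "$@" --location --max-redirs 5 --proto-redir "=$ALLOWED_PROTOS"
    fi
    # Without --location curl does not follow redirects at all.
    printf '%s ' "$@" --url "$url"
    echo
}

# Constructed sample URL; prints the command line for the default policy.
build_fetch_cmd "https://example.com/capture.pcap" /tmp/capture.pcap
```

Checking the scheme before invoking curl and also passing --proto gives two independent layers, so a parsing mistake in the wrapper alone does not widen what curl will fetch.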

PCAP-NG Packet Comments

By default, when CloudShark is importing a new capture file, it will read any packet comments out of the pcapng format and convert them into CloudShark annotations. This is now a configurable option found under the Settings menu and can be disabled.

Additional improvements around annotations

CloudShark 3.1.4 also addresses a few additional issues for files and users who make extensive use of packet annotations.

  • Improved browser responsiveness when displaying annotations
  • Significantly reduced memory usage when opening the capture index where there are lots of annotated files
  • Faster export of files when not including annotations

Maintenance Release #5 December 5th, 2016

This maintenance release fixes some URLs that were vulnerable to specific Cross-Site-Scripting (XSS) attacks. We recommend that all customers upgrade to this latest release.

For more information on the specifics of these, please contact