CloudShark 3.2.0

Release Type         Release Number         Release Date

CloudShark 3.2 March 28th, 2017

The snow is finally starting to melt here in the northeast US. Lots of hard work went into this release, getting us ready for some big things in the near future. Enjoy the new HTTP Streams!

— CloudShark

CloudShark Threat Analysis - Coming Soon!

CloudShark 3.2 lays the ground work for our new security-focused feature: CloudShark Threat Analysis. We’re building in powerful malware traffic detection rules and analysis features.

Interested in learning more or having a sneak-peek? Check it out on our website or get in touch with We will be reaching out to customers in the near future to talk more about this new add-on!

New Features and Highlights

Follow HTTP Streams

One of the most requested features has been the ability to uncompress and follow HTTP streams. CloudShark 3.2 adds the new “Follow HTTP” feature available in the Analysis Tools menu. The new view works exactly the same way as our existing Follow Stream view, but requires that you have first selected a packet with an HTTP section in the protocol tree.

Extracting content and objects from those streams is still performed via the HTTP Analysis - HTTP Objects tool also available in the Analysis Tools menu.

TShark 2.2.4

CloudShark 3.2 includes the latest protocols and dissectors from the latest Wireshark 2.2 release. You can read the Wireshark release notes here.

Ruby 2.4

The underlying version of Ruby has been updated. This brings several improvements including the resolution of one particularly nasty segfault we were seeing in production. Heroku has an excellent writeup on what’s new in Ruby 2.4. Redhat also has a nice writeup on the faster hash tables in this release.

Improved session and cookie options

CloudShark now lets you configure additional defaults for login sessions and cookie handling. These options are not available through the Web UI and must be set by the administrator directly through SSH access on the system.

Please read our Best Practices for Cookie Management document for details on how to set and use the following options:


CloudShark does not need to access cookie data from within the application, so the HTTPOnly flag on the cookies is set by default. This improves security by preventing JavaScript from accessing cookies on the page.

Secure Flag

If you are running CloudShark in an HTTPS-Only mode, you should also enable the Secure flag on cookies in order to prevent them from being transferred over a non-HTTPS connection. If Secure Cookies are enabled you will not be able to log in via HTTP, and we strongly recommend HTTP access be turned off.

Default Cookie Domain

In some environments it is very important to specify a default cookie domain. This option allows administrators to control that field in the cookie.

Cookie Expiration / Login Session Lifetime

The duration of a login session is tied to the expiration date of the cookie that is set by CloudShark. This value is now configurable by the system administrator.

Improved Proxy Support

The CloudShark installer has been improved to work better when behind a proxy server. Support has also been added for configuring a SOCKS Proxy.

For more information about installing from behind a proxy server, please see our documentation page.

Bug fixes and other changes

  • Greatly improved g711A audio playback
  • Follow UDP can use index numbers
  • Fixed a double-escape problem when editing file names with certain characters
  • Added Ladder Diagram button to the Follow Stream dialog
  • Added Follow Stream button to Frame Decode dialog
  • Upgraded Highcharts to the latest 5.x series
  • Fixed underlying segfault that was preventing some navigation charts and sparklines from being created

Upgrade Instructions

Users upgrading from a version as old as CloudShark 2.8.x can run the following as root to perform the upgrade:

cloudshark-admin --install-latest

Please read the upgrade instructions if you are upgrading from an older version of CloudShark.