Using CloudShark with Dashboard Packet Captures
CloudShark is a tool that can be used to analyze and view packet captures taken on Dashboard. After setting up CloudShark, you will have the option to output your packet captures to CloudShark. Depending on what plan you have purchased, captures are uploaded either to CloudShark's public servers or to your private CloudShark appliance.
An overview of CloudShark and its features can be found here.
Configuration
On CloudShark
- Log into your CloudShark account.
- Click the Preferences drop-down on the top right-hand corner of the screen, and select API Tokens.
- Copy the hostname and upload token. This information will need to be entered into Dashboard.
On Dashboard
- In Dashboard, navigate to Network-wide > Configure > General.
- Under the Packet capture section, set CloudShark integration to Enable CloudShark Integration.
- Enter the following information from CloudShark:
  - CloudShark URL - Enter the hostname as gathered from CloudShark. Unless you are using an enterprise CloudShark account, this will always be "https://www.cloudshark.org".
  - CloudShark API key - Enter the upload token copied from CloudShark.
  - Use self-signed SSL certificate - If you are using a dedicated CloudShark appliance and have opted to use a self-signed certificate for SSL, set this option to yes and click Upload a certificate to upload the self-signed certificate.
- Click Save Changes.
Using CloudShark with Dashboard
In order to take a packet capture in Dashboard and view the capture in CloudShark:
- In Dashboard, navigate to Network-wide > Monitor > Packet Capture.
- Set the device type, interface, and duration as normal (see our packet capture documentation for more information on each option).
- Set the Output to Stream to CloudShark.
- Click Start to start the capture. Once the capture is running, click View Capture on CloudShark to view captured traffic on CloudShark.
Troubleshooting Tips
If the capture fails or Dashboard returns an error, check the following:
- The CloudShark URL in Dashboard must be a full URL, including the leading "https://". For example, URLs such as "cloudshark.org" or "www.cloudshark.org" will not work.
- If you see the error "Server returned HTTP response code: 400 for URL ," ensure you are not exceeding your CloudShark capture size and/or upload limit.
  - Upload size limits are set based on your CloudShark plan, so ensure your plan allows for the capture size.
  - This error may also mean the capture was corrupted during generation.
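The checks in the list above can be run locally before retrying a capture. The following Python sketch is an added example, not part of Dashboard or CloudShark tooling. It assumes the capture was also saved to a local file; `max_bytes` is a placeholder for your plan's upload limit, which this page does not state, and the function names and sample bytes are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

# Magic numbers of classic pcap (micro/nanosecond, either byte order) and pcapng.
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}
PCAPNG_MAGIC = 0x0A0D0D0A

# Constructed sample: a 24-byte little-endian pcap global header with no packets.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def check_url(url):
    """Return problems with the value entered as the CloudShark URL."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        problems.append('URL must be a full URL starting with "https://"')
    if not parts.hostname:
        problems.append("URL has no hostname")
    return problems


def check_capture(data, max_bytes):
    """Return problems with a capture's bytes: size limit and file header."""
    problems = []
    if len(data) > max_bytes:
        problems.append(f"capture is {len(data)} bytes, limit is {max_bytes}")
    if len(data) < 4:
        problems.append("capture is too short to hold a file header")
    else:
        magic = struct.unpack(">I", data[:4])[0]
        if magic not in PCAP_MAGICS and magic != PCAPNG_MAGIC:
            problems.append(f"unknown file magic 0x{magic:08x}, possibly corrupted")
    return problems


if __name__ == "__main__":
    # max_bytes is a made-up limit for the demo, not a real CloudShark plan value.
    for url in ("https://www.cloudshark.org", "www.cloudshark.org"):
        print(url, "->", check_url(url) or "ok")
    print("sample ->", check_capture(SAMPLE_PCAP, max_bytes=1024) or "ok")
    print("zeroed ->", check_capture(b"\x00" * 24, max_bytes=1024))
```

An empty list from both functions means none of the listed causes applies to that URL and file.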