Analysis
The analysis API is a collection of routes for analyzing network capture files.
API spec
The full set of routes and API details can be found in the API spec.
Authentication
Once a token with PCAP Analysis access has been created, pass it in the Authorization header of each request.
Note: depending on the user authentication setting, you may also need to log in to CloudShark to use the endpoints.
curl -H "Authorization: <tokenId>" "<domain>/api/v2/analysis/<captureId>/<analysisURL>"
Response Format
All analysis calls return a JSON object.
Examples
- /status
Request:
curl -H "Authorization: <tokenId>" "<domain>/api/v2/analysis/e365c226288b/status"
Response:
{
  "data": {
    "columns": [
      {"format":"%m","resolved":true,"title":"No.","visible":true},
      {"format":"%t","resolved":true,"title":"Time","visible":true},
      {"format":"%s","resolved":true,"title":"Source","visible":true},
      {"format":"%d","resolved":true,"title":"Destination","visible":true},
      {"format":"%p","resolved":true,"title":"Protocol","visible":true},
      {"format":"%L","resolved":true,"title":"Length","visible":true},
      {"format":"%i","resolved":true,"title":"Info","visible":true}
    ],
    "duration": 8.503908,
    "filesize": 47216,
    "frames": 433
  }
}
- /stats/conversations
Request:
curl -H "Authorization: 8daf39bac0b59934071da4b006feaca1" "<domain>/api/v2/analysis/16be27b0f31d/stats/conversations?protocol=udp"
Response:
{
  "data": {
    "convs": [
      {
        "daddr": "127.0.0.1",
        "dport": "1234",
        "duration": 29.996437,
        "filter": "ip.src==127.0.0.1 && udp.port==10424 && ip.dst==127.0.0.1 && udp.port==1234",
        "rx_rate": 0,
        "rxb": 0,
        "rxf": 0,
        "saddr": "127.0.0.1",
        "sport": "10424",
        "start": 0,
        "stop": 29.996437,
        "totalb": 2758712,
        "totalf": 2068,
        "tx_rate": 91967.99,
        "txb": 2758712,
        "txf": 2068
      }
    ],
    "geoip": false,
    "proto": "UDP"
  }
}
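The following Python sketch is an added example, not CloudShark's own client code: it builds the authenticated request described under Authentication and ranks the conversations from a /stats/conversations response for triage. Assumptions: the host `cloudshark.example`, the `CS_TOKEN` environment variable, the 12-hex-character capture ID check (inferred from the two IDs on this page), and reading `tx*`/`rx*` as forward/reverse counters are all illustrative; the second conversation in `SAMPLE` is constructed.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumption: capture IDs are 12 hex characters, as in the two examples on this page.
CAPTURE_ID = re.compile(r"[0-9a-f]{12}")

def build_request(domain, token, capture_id, route, **params):
    """Build (not send) an authenticated GET for an analysis route."""
    if not CAPTURE_ID.fullmatch(capture_id):
        raise ValueError("unexpected capture id: %r" % capture_id)
    url = "%s/api/v2/analysis/%s/%s" % (domain.rstrip("/"), capture_id, route.strip("/"))
    if params:
        url += "?" + urllib.parse.urlencode(params)
    # The token travels in the Authorization header, never in the URL or query string.
    return urllib.request.Request(url, headers={"Authorization": token})

def summarize_conversations(body):
    """Rank conversations from /stats/conversations by total bytes, largest first."""
    data = json.loads(body)["data"]
    rows = []
    for c in data["convs"]:
        rows.append({
            "proto": data["proto"],
            "flow": "%s:%s -> %s:%s" % (c["saddr"], c["sport"], c["daddr"], c["dport"]),
            "bytes": c["totalb"],
            # Assumption: tx*/rx* are forward/reverse counters; no reverse frames = one-way.
            "one_way": c["rxf"] == 0 and c["txf"] > 0,
            "filter": c["filter"],  # display filter to open this flow in the capture
        })
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

# Constructed input: the conversation shown above plus one made-up second conversation.
SAMPLE = json.dumps({"data": {"proto": "UDP", "geoip": False, "convs": [
    {"saddr": "192.0.2.10", "sport": "53000", "daddr": "192.0.2.53", "dport": "53",
     "filter": "ip.src==192.0.2.10 && udp.port==53000 && ip.dst==192.0.2.53 && udp.port==53",
     "rxb": 180, "rxf": 1, "txb": 74, "txf": 1, "totalb": 254, "totalf": 2},
    {"saddr": "127.0.0.1", "sport": "10424", "daddr": "127.0.0.1", "dport": "1234",
     "filter": "ip.src==127.0.0.1 && udp.port==10424 && ip.dst==127.0.0.1 && udp.port==1234",
     "rxb": 0, "rxf": 0, "txb": 2758712, "txf": 2068, "totalb": 2758712, "totalf": 2068},
]}})

if __name__ == "__main__":
    import os
    req = build_request("https://cloudshark.example", os.environ.get("CS_TOKEN", "<tokenId>"),
                        "16be27b0f31d", "stats/conversations", protocol="udp")
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req).read() would return the JSON; SAMPLE stands in offline.
    for row in summarize_conversations(SAMPLE):
        print(row)
```

Reading the token from the environment keeps it out of shell history and source control.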