Analysis
The Analysis API is a collection of routes that give a user analysis capabilities for network capture files.
API spec
The full set of routes and API details can be found in the Analysis API docs, or you can download the Swagger spec directly.
Authentication
Once a token is created with PCAP Analysis access, the token must be passed in the Authorization header. Note: depending on the user authentication setting, you may need to log in to CloudShark to use the endpoints.
curl -H "Authorization: <tokenId>" "<domain>/api/v2/analysis/<captureId>/<analysisURL>"
Response Format
All analysis calls return a JSON object.
Examples
- /status
Request:
curl -H "Authorization: <tokenId>" "<domain>/api/v2/analysis/e365c226288b/status"
Response:
{
  "data": {
    "columns": [
      {"format":"%m","resolved":true,"title":"No.","visible":true},
      {"format":"%t","resolved":true,"title":"Time","visible":true},
      {"format":"%s","resolved":true,"title":"Source","visible":true},
      {"format":"%d","resolved":true,"title":"Destination","visible":true},
      {"format":"%p","resolved":true,"title":"Protocol","visible":true},
      {"format":"%L","resolved":true,"title":"Length","visible":true},
      {"format":"%i","resolved":true,"title":"Info","visible":true}
    ],
    "duration": 8.503908,
    "filesize": 47216,
    "frames": 433
  }
}
- /stats/conversations
Request:
curl -H "Authorization: 8daf39bac0b59934071da4b006feaca1" "<domain>/api/v2/analysis/16be27b0f31d/stats/conversations?protocol=udp"
Response:
{
  "data": {
    "convs": [
      {
        "daddr": "127.0.0.1",
        "dport": "1234",
        "duration": 29.996437,
        "filter": "ip.src==127.0.0.1 && udp.port==10424 && ip.dst==127.0.0.1 && udp.port==1234",
        "rx_rate": 0,
        "rxb": 0,
        "rxf": 0,
        "saddr": "127.0.0.1",
        "sport": "10424",
        "start": 0,
        "stop": 29.996437,
        "totalb": 2758712,
        "totalf": 2068,
        "tx_rate": 91967.99,
        "txb": 2758712,
        "txf": 2068
      }
    ],
    "geoip": false,
    "proto": "UDP"
  }
}
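The following Python sketch is an added example, not code from the CloudShark documentation. It builds the same authenticated request as the curl calls above and triages a /stats/conversations response for one-directional conversations. It assumes txf and rxf are per-direction frame counts (inferred from the field names); the function names, the min_frames threshold and the CLOUDSHARK_DOMAIN and CLOUDSHARK_TOKEN environment variables are also assumptions.

```python
import json
import os
import urllib.request
from urllib.parse import quote, urlencode

def build_request(domain, capture_id, route, token, params=None):
    """Build the authenticated GET request that the curl examples send."""
    # Percent-encode the capture ID so it cannot alter the request path.
    url = f"{domain}/api/v2/analysis/{quote(capture_id, safe='')}/{route}"
    if params:
        url += "?" + urlencode(params)
    return urllib.request.Request(url, headers={"Authorization": token})

def fetch(request, timeout=10):
    """Send the request and decode the JSON object every analysis call returns."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)

def one_way_conversations(body, min_frames=100):
    """Return display filters for conversations with traffic in one direction only.

    Assumption: txf/rxf are per-direction frame counts (inferred from the names).
    """
    hits = []
    for conv in body["data"].get("convs", []):
        if conv["rxf"] == 0 and conv["txf"] >= min_frames:
            hits.append({"filter": conv["filter"], "frames": conv["txf"],
                         "bytes": conv["txb"], "proto": body["data"]["proto"]})
    return hits

# Subset of the /stats/conversations response shown above.
SAMPLE = json.loads("""
{"data": {"convs": [{"daddr": "127.0.0.1", "dport": "1234",
  "filter": "ip.src==127.0.0.1 && udp.port==10424 && ip.dst==127.0.0.1 && udp.port==1234",
  "rxb": 0, "rxf": 0, "saddr": "127.0.0.1", "sport": "10424",
  "totalb": 2758712, "totalf": 2068, "txb": 2758712, "txf": 2068}],
  "geoip": false, "proto": "UDP"}}
""")

if __name__ == "__main__":
    # Assumed variable names; reading the token from the environment keeps it
    # out of scripts and shell history.
    if "CLOUDSHARK_TOKEN" in os.environ:
        req = build_request(os.environ["CLOUDSHARK_DOMAIN"], "16be27b0f31d",
                            "stats/conversations", os.environ["CLOUDSHARK_TOKEN"],
                            {"protocol": "udp"})
        print(one_way_conversations(fetch(req)))
    else:
        print(one_way_conversations(SAMPLE))
```

Each returned filter string can be applied as a display filter on the same capture to inspect the flagged conversation.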