Benefits of Upgrading
Software upgrades are rarely at the top of anyone’s to-do list. However, upgrading CloudShark Enterprise delivers substantial improvements to your analysis capabilities while ensuring you maintain a secure, reliable environment. Upgrade CloudShark to gain the following:
- Redesigned Packet Viewer: A more intuitive interface for faster, more efficient packet capture analysis.
- Enhanced Analysis Engines: Upgraded Wireshark, Suricata, and Zeek versions for better threat detection and protocol parsing.
- Support for Modern Protocols: Analyze the latest traffic, including QUIC (HTTP/3), TLS 1.3, and more.
- Security and Compliance: Ensures a secure, supported platform, avoiding risks associated with end-of-life operating systems, such as CentOS 7.
Read on to explore the key benefits of upgrading CloudShark Enterprise. This will cover the new Packet Viewer interface, under-the-hood improvements, and critical end-of-life considerations for older installations.
Want to see CloudShark in action? Watch our detailed webinar showcasing the new Packet Viewer interface and under-the-hood improvements in CloudShark.
Packet Viewer
CloudShark Enterprise 4.1 includes our redesigned Packet Viewer interface to display packet captures using the traditional 3-Pane view. Here is what you’ll be able to do after upgrading:
- Status bar with number of packets matched by display filter
- Customized columns using drag-and-drop
- Follow stream directly in the 3-pane view
Under the hood
CloudShark Enterprise includes three core system components under the hood to provide packet capture analysis: Wireshark, Suricata, and Zeek. Major upgrades have been made to all three and are included in the latest version.
Wireshark has always been a core piece of CloudShark and provides all of the packet dissection and filtering in the three-pane view. QA Cafe recently submitted patches to the Wireshark project that allow us to include Wireshark version 4.4 and deliver updates to our customers much more frequently. For more information on the new protocols and filtering expression updates, see the Wireshark 4.4 Release Notes.
CloudShark Enterprise 4.1 also includes significant upgrades to Suricata (version 7) and Zeek (version 6). The updated Suricata engine provides improved threat detection with the latest security signatures, while Zeek 6 delivers enhanced protocol parsing and traffic summarization, making it easier to understand complex network behaviors through structured logs.
Once you upgrade, you’ll be able to:
- Analyze the latest protocols, including QUIC (HTTP/3), TLS 1.3, DoH, and WPA3 wireless traffic.
- Embed secrets into PCAPNG files to decrypt DTLS, TLS, QUIC, and WireGuard.
- Leverage Wireshark 4.4’s improved TCP analysis with better handling of retransmissions, window scaling, and out-of-order packets.
- Use JA4 fingerprinting to identify client and server TLS behavior without decryption.
- Benefit from Zeek’s enhanced protocol analyzers for better visibility into application-layer behavior.
- Take advantage of Suricata’s updated ruleset to detect the latest threats and vulnerabilities.
End-of-Life Considerations
CloudShark Enterprise installations on older operating systems face significant support challenges going forward. Older CloudShark deployments may be running on CentOS 7, which reached end-of-life status in June 2024. As new vulnerabilities are discovered in CentOS 7, they will not be addressed, leaving your system potentially vulnerable to exploitation.
While CloudShark Enterprise 3.9 remains supported, running it on an end-of-life operating system creates significant challenges. The underlying platform’s security directly impacts your CloudShark deployment’s security. Organizations running CloudShark on CentOS 7 should prioritize upgrading to ensure they are running on a supported operating system.
CloudShark Enterprise 4.1 runs on Rocky Linux 8, which will receive security updates through 2029. This provides a stable, secure foundation for your packet analysis environment. The new OVA deployment model also simplifies future upgrades, making it easier to stay current with both CloudShark improvements and operating system updates. Note that CloudShark Enterprise 5.0, expected this summer, will require Rocky Linux 9.
How to upgrade
CloudShark Enterprise can be upgraded by migrating to the new OVA (Open Virtual Appliance) deployment model or using Docker. Both approaches change how upgrades work by storing your data separately from the operating system and application files, simplifying both the initial installation and future upgrades. Here is our support documentation for both models:
- OVA Migration - Use this guide to import the OVA into your virtualization platform and migrate your existing data. Watch the video on this page to see it in action.
- Docker - This guide will help you deploy CloudShark into your container infrastructure.
After Upgrading
Upgrading CloudShark provides immediate benefits through its enhanced interface and analysis capabilities while addressing the security concerns of running on outdated platforms. The new deployment model ensures that you can keep your CloudShark installation current with minimal effort, allowing you to focus on what matters most: analyzing your network traffic and identifying security issues.
If you have any questions about CloudShark or want any help planning an upgrade, please contact support@qacafe.com.