CloudShark 3.14.0

September 14th, 2023

We’re headed back to school here in the Northeast United States and soaking up the last bits of Summer while we can. This release brings updated profiles, better file comment history, and some minor improvements and bugfixes. Enjoy!

Updated Profiles

The built-in analysis profiles profiles provided by Betty DuBois have been updated to help you speed up your analysis time. Changes include:

  • New WiFi profile and improved wireless coloring rules
  • New “QuickLoad” layer 2 profile
  • New “QuickLoad” layer 3 profile
  • Saved display filters for layer 7

The “QuickLoad” profiles allow CloudShark to open the file even faster by disabling protocols that you don’t need. If you have a large file that is taking too long to load, try applying one of these.

Improved service connections

The options to connect to memcache and redis under the hood of CloudShark have been extended to support Redis over SSL and Memcached with a username and password. When running these services locally on your instance, these additional parameters are not necessary. They are not exposed to the external network. However in a containerized configuration you may have Redis and Memcache running somewhere else and those connections can now be better secured.

Redis

In services.conf:

[redis]
  host = "external-redis"
  ssl = "true"

Environment variable uses rediss as the scheme:

REDIS_URL="rediss://external-redis"

Memcache

CloudShark’s internal connection to Memcache can now be authenticated with a username and password. Like Redis, this is not necessary when memcache is running only on the local system, but helps when connecting via a docker image or across a network.

In services.conf:

[memcache]
host = "net-memcache:11211"
user = "my_username"
password = "my_password"

Or using Environment variables:

MEMCACHE=net-memcache:11211
MEMCACHED_USERNAME=my_username
MEMCACHED_PASSWORD=my_password

New Session Comment History

Exporting a PCAP to a new session now copies the file comments from the source PCAP to the new session. This allows you to keep important information about the file as you filter it down to focus on the issue.

As you continue to refine the file by exporting to new sessions, a history is built up within the comments field. Don’t forget: you can search that field across your entire database from the capture index!

Bug Fixes and Other Changes

  • Fixed a bug that prevented external groups from being displayed when setting a user’s default upload group
  • Resolved a crash in the activity viewer caused by a database inconsistency
  • Fixed an issue where a user could upload files to a group they no longer belong to

Upgrading

For help upgrading with step-by-step instructions, please see our upgrade guide.