I've been interested in online packet tools for several years, dating back to my idea for OpenPacket.org, then continuing with Mu Dynamics' cool site Pcapr.net, which I profiled in Traffic Talk 10. Yesterday I learned of CloudShark, which looks remarkably similar to Wireshark but appears as a Web application.
I generated the picture at right by downloading a trace showing FTP traffic from pcapr.net, then uploading it to CloudShark. Apparently CloudShark renders the trace by invoking Tshark, then building the other Wireshark-like components separately. You can access the trace at this link. CloudShark says:While the URLs to your decode session are not publicly shared, we make no claims that you data is not viewable by other CloudShark users. For now, if you want to protect sensitive data in your capture files, don't use CloudShark.
Using Tshark is pretty clever, though it exposes the CloudShark back end to the variety of vulnerabilities that get fixed with every new Wireshark release. This is the same concern I had with OpenPacket.org, which limited that site's effectiveness. Incidentally, I have nothing to do with OpenPacket.org now, although there have been rumors that the site will get some attention at some point.
For comparison's sake, I took a screen capture of the same FTP pcap as rendered by Pcapr.net. Personally I think it's a great idea to use a front end that everyone should understand -- i.e., something that looks like Wireshark.At this point I think CloudShark is more of a novelty and maybe an educational tool. It would be cool if various packet capture repositories joined forces, but I don't see that happening.
0 comments:
Post a Comment