Packet captures contain the details you need to solve network and cybersecurity issues faster. However, they can be difficult to work with and have a reputation for requiring specialized knowledge.
We believe that anyone can use pcaps! These articles, videos, and resources from experts in the industry can help get you started.
When an attack happens, the packet data that flows across the network is critical to the incident response lifecycle. Here are 5 tips to greatly improve the success of your security operations using pcaps along with tools like Zeek and Suricata.
Now that we have our new Aerohive APs in our office, we’ve been excited to learn more about wireless troubleshooting and debugging. The built-in packet capture feature in HiveManager NG makes getting traces into CloudShark for analysis really easy. Now that we have the traces, what do we do with them?
As security and privacy become more important every day, the use of encrypted connections between clients, servers, and peers has been increasing at an amazing rate. With efficiency improvements to secure technologies like TLS 1.3 and easier methods to obtain certificates like LetsEncrypt, this number is only going to grow.
Where do I start with packet capture analysis? Here are some expert resources from our colleagues in the network and security industry answering the most common questions we get about packet analysis at QA Cafe.
A common question we get, other than where to find example packet captures, is which packet capture tools exist that are either free, work in a command line, work directly with CloudShark, or all of the above. Here’s a list of our go-to capture tools (other than Wireshark, of course) and the different scenarios in which they can be used.
Is it the network, or the application? This question is so common that “it’s not the network” is a meme among IT professionals and developers alike.
When getting to the heart of an application or security problem, finding the right TCP stream and following it using the “Follow TCP Stream” view in CloudShark is, for a great many use cases, usually where you want to end up in order to see an issue in action. But how do you find the right stream, and what should you look for once you’re viewing it?
CloudShark’s capture repository is great for uploading your own captures and building a complete list of your network capture history and all of the captures that are most important to you. But one of the most frequent questions we get is “Where can I find sample packet captures?”
Zeek (formerly Bro) is a powerful tool trusted by networking and cybersecurity experts for analyzing network traffic. By creating collated, organized records of network activity (called “logs”), Zeek gives the network analyst a new approach when dissecting and investigating traffic.
Betty DuBois gives an in-depth look at how profiles can help you solve your packet capture problems faster by cutting through the hard work and helping experts and entry-level analysts work together.
In this article, we explore what Suricata is, what it does, and some of the new and interesting ways we use Suricata in CloudShark, CDRouter, and PassPort.
Whether you are a network product developer, network operator/ISP, or on a network/security operations team, learning about open-source Intrusion Detection System platforms like Suricata will help you! Watch our video to learn what it is and how we use it in our products at QA Cafe.
What are some of the best ways that operators can gather and record network packets? What should you do as a vendor to enable packet capture in your products? What are the best ways to work with captures once you have them?
This collection of sample capture files highlights some of the new and updated protocol support included in CloudShark 3.10, including QUIC, DoH, WPA3, JA3, CommunityID, OPUS over RTP, and Wireguard.
Creating Lua plugins can be very useful to Wireshark and TShark users, and there’s a great community around building them. Here's how we built our Wireless Networks Tap in Lua, as an example to follow when writing your own plugins!
CloudShark 3.10 updates the display filter language, and users may need to update certain filters in their existing profiles. Here are the major changes users should know about and how to best use them!
A new field in CloudShark called "TCP Completeness" calculates which packets of a TCP connection are seen in a PCAP file. This field allows you to determine if the TCP 3-way handshake has been captured while viewing any packet in the connection. This article will explain why it is essential to know if these packets have been captured, how the value for this field is calculated, and how you can use it.