Staying Up to Date With CloudShark Enterprise

Software upgrades are rarely at the top of anyone's to-do list. However, upgrading CloudShark Enterprise delivers substantial improvements to your analysis capabilities while ensuring you maintain a secure, reliable environment. Upgrade CloudShark to gain the following:

  • DeepSearch the Entire Library: Discover packets anywhere in your capture library without guessing which files contain them.
  • Unlimited Licensing: Hassle-free licensing that lets you install as many instances as you need for an unlimited number of users.
  • Redesigned Packet Viewer: A more intuitive interface for faster, more efficient packet capture analysis.
  • Enhanced Analysis Engines: Upgraded Wireshark, Suricata, and Zeek versions for better threat detection and protocol parsing.
  • Security and Compliance: Ensures a secure, supported platform, avoiding risks associated with end-of-life operating systems, such as CentOS 7.

Read on to explore the key benefits of upgrading CloudShark Enterprise. This article covers the new features, under-the-hood improvements, and critical end-of-life considerations for older installations.

DeepSearch Entire Library

CloudShark Enterprise 5.0 revolutionizes how you discover and analyze network data with a new DeepSearch feature that searches your entire library of PCAPs. Unlike previous versions that required you to select specific files before searching and limited the scope to just 90 files, DeepSearch now searches across your entire repository of capture files.

  • Complete Library Coverage: Search across your entire repository automatically, not just selected files
  • Streamlined Workflow: Eliminate the time-consuming step of selecting which captures to search
  • Advanced Result Filtering: Combine DeepSearch results with existing Index Filters for precise discovery
  • Intelligent Ordering: Search results follow index sort order for better relevance and consistency
  • Unlimited Scale: No more 90-file limitations when searching across your capture library

Unlimited Licensing

CloudShark Enterprise 5.0 introduces a simple, hassle-free licensing model that removes all barriers to organization-wide deployment. With unlimited users and instances, you can deploy CloudShark across your entire network operations, security, and engineering teams without worrying about user counts or additional licensing costs.

  • No Instance Restrictions: Install CloudShark wherever and however your organization needs it
  • No User Limitations: Deploy to every team member who needs packet analysis capabilities
  • Simplified Management: Streamlined licensing system eliminates the need for separate license servers
  • Predictable Costs: Scale your analysis capabilities without licensing constraints or additional fees

Packet Viewer

CloudShark Enterprise 5.0 includes our redesigned Packet Viewer interface to display packet captures using the traditional 3-pane view. Here is what you'll be able to do after upgrading:

  • Status bar with number of packets matched by display filter
  • Customized columns using drag-and-drop
  • Follow stream directly in the 3-pane view

Under the hood

CloudShark Enterprise 5.0 relies on three core system components under the hood to provide packet capture analysis: Wireshark, Suricata, and Zeek. Major upgrades have been made to all three and are included in the latest version.

Wireshark has always been a core piece of CloudShark and provides all of the packet dissection and filtering in the three-pane view. QA Cafe recently submitted patches to the Wireshark project that allow us to include Wireshark version 4.4 and deliver updates to our customers much more frequently. For more information on the new protocols and filtering expression updates, see the Wireshark 4.4 Release Notes.

CloudShark Enterprise 5.0 also includes significant upgrades to Suricata (version 7) and Zeek (version 6). The updated Suricata engine provides improved threat detection with the latest security signatures, while Zeek 6 delivers enhanced protocol parsing and traffic summarization, making it easier to understand complex network behaviors through structured logs.

Once you upgrade, you'll be able to:

  • Analyze the latest protocols, including QUIC (HTTP/3), TLS 1.3, DoH, and WPA3 wireless traffic
  • Embed secrets into PCAPNG files to decrypt DTLS, TLS, QUIC, and WireGuard
  • Leverage Wireshark 4.4's improved TCP analysis with better handling of retransmissions, window scaling, and out-of-order packets
  • Use JA4 fingerprinting to identify client and server TLS behavior without decryption
  • Benefit from Zeek's enhanced protocol analyzers for better visibility into application-layer behavior
  • Take advantage of Suricata's updated ruleset to detect the latest threats and vulnerabilities

End-of-Life Considerations

CloudShark Enterprise installations on older operating systems face significant support challenges going forward. Older CloudShark deployments may be running on CentOS 7, which reached end-of-life status in June 2024. As new vulnerabilities are discovered in CentOS 7, they will not be addressed, leaving your system potentially vulnerable to exploitation.

While CloudShark Enterprise 3.9 remains supported, running it on an end-of-life operating system creates significant challenges. The underlying platform's security directly impacts your CloudShark deployment's security. Organizations running CloudShark on CentOS 7 should prioritize upgrading to ensure they are running on a supported operating system.

CloudShark Enterprise 5.0 runs on Rocky Linux 9, which will receive security updates through 2032. This provides a stable, secure foundation for your packet analysis environment. The new OVA deployment model also simplifies future upgrades, making it easier to stay current with both CloudShark improvements and operating system updates.

How to upgrade

CloudShark Enterprise can be upgraded by migrating to the new OVA (Open Virtual Appliance) deployment model or using Docker. Both approaches change how upgrades work by storing your data separately from the operating system and application files, simplifying both the initial installation and future upgrades. Here is our support documentation for both models:

  • OVA Migration - Use this guide to import the OVA into your virtualization platform and migrate your existing data. Watch the video on this page to see it in action.

  • Docker - This guide will help you deploy CloudShark into your container infrastructure.

After Upgrading

Upgrading CloudShark provides immediate benefits through its enhanced search capabilities, unlimited licensing model, and improved analysis interface while addressing the security concerns of running on outdated platforms. With DeepSearch's ability to discover packets across your entire capture library and licensing that scales without restrictions, your entire organization can leverage advanced packet analysis more effectively than ever before.

The new deployment model ensures that you can keep your CloudShark installation current with minimal effort, allowing you to focus on what matters most: analyzing your network traffic and identifying security issues.

If you have any questions about CloudShark or want any help planning an upgrade, please contact support@qacafe.com.