Using Annotations in Graphs


One of CloudShark’s main and most useful features is the ability to add annotations to individual packets, or to import packet comments from the pcap-ng format into CloudShark annotations. Not only does this make note-taking during your own analysis easier, it also lets you share your annotations with colleagues or customers when you share the capture file URL. They can see your notes and get to the root of the problem faster.

But did you know that CloudShark annotations transfer to CloudShark graphs? Indeed they do! When you add annotations to packets in a CloudShark capture, those same annotations can be set to show up in the CloudShark graphing tool. Here’s an example.

In packet capture challenge #2, we had you look at a capture performed on a session from behind a broadband home router. The challenge was to find the time where the download ends and the upload begins. The answer was about 17 seconds into the capture.

Guesswork is all well and good, but what if we want to mark those packets with notes? To demonstrate, I’ve added annotations to the first HTTP GET that starts the download test at packet 50:

Packet 50

And to packet 11500, where we see an HTTP POST:

Packet 11500

See the annotations? Great! Now, I’ve rebuilt the original graph that we used during the capture challenge to see where the download ends and the upload begins. To show the annotations on the graph, click the “Include Annotations” check box in the graph editor. Once they are shown, you should see an “A” and a “B” at the bottom of the graph. Hover your mouse over them, and you’ll see the same annotations I just added:

Cool! This is just one of the powerful tools in CloudShark for collaborative packet capture analysis.