HowTo Use The NST CloudShark Upload Manager: Difference between revisions

From MediaWiki
Jump to navigationJump to search
Line 35: Line 35:


= NST & CloudShark Use Case: Single-Tap Network Packet Capture Analysis In A Web Browser =
= NST & CloudShark Use Case: Single-Tap Network Packet Capture Analysis In A Web Browser =
The image below shows a '''CloudShark''' packet decode presented the '''Chrome''' web browser with the "'''Info'''" window pop-up highlighted. The '''Nst CloudShark Upload Manager''' also transfers pertinent information describing the complete genesis of the capture including the capture filter and the command line used to generate it so that it can then be populated into the "'''Comments'''" tab. In the example, an '''NST Single-Tap Network Packet Capture''' was uploaded to the '''CloudShark Appliance''' to collect
The image below shows a '''CloudShark''' packet decode presented the '''Chrome''' web browser with the "'''Info'''" window pop-up highlighted.
The "'''Comments'''" tab was selected and shows pertinent information describing the complete genesis of the capture including the capture filter and the command line used to generate it. This information was transmitted along with the capture upload process by the '''Nst CloudShark Upload Manager'''.
 
In the this example, an '''NST Single-Tap Network Packet Capture''' was uploaded to the '''CloudShark Appliance''' to collect DNS traffic in the '''DMZ'''.


[[Image:Nst_cloudshark_fwtraffic.png|940px|center|frame|NST & CloudShark: Single-Tap Network Packet Capture Analysis]]
[[Image:Nst_cloudshark_fwtraffic.png|940px|center|frame|NST & CloudShark: Single-Tap Network Packet Capture Analysis]]

Revision as of 10:13, 12 September 2012

Overview

The NST project team has worked with the "CloudShark" folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. CloudShark technology allows network packet captures generated by an NST system to be imported, viewed, analyzed and shared from anywhere with a Web browser. CloudShark also provides a organized comprehensive method for storing and retrieval of all of your network packet captures.

NST CloudShark Upload Manager Reference Diagrams

NST 2.16.0
SVN: 4104

The NST WUI has an integrated "CloudShark Upload Manager" network tools widget for managing the process of transferring a network packet capture to either "CloudShark.org" or a "CloudShark Appliance". The Upload Manager can be configured for either manual or automatic capture uploading and viewing.

One can manually bring up the CloudShark Upload Manager widget through the NST Navigation Menu (i.e. Tools => Network Widgets => CloudShark Upload Manager). All NST WUI pages that can generate a network packet capture can also bring up this widget after a capture has been obtained (i.e., Currently, both the Single and Multi-Tap Network Packet Capture pages as well as the Network ARP Scanner page have this capability.). If the "Automatic Upload Option" is enabled, then the CloudShark Upload Manager's internal transfer process is only used without actually bringing up the widget when uploading a capture from these pages. If the "View Option" is also enabled, then your browser will automatically open up a new tab/window and try to "View" the newly uploaded capture on the associated "CloudShark" host after the capture was successfully transferred.

The diagram below references each component and action available on the CloudShark Upload Manager widget. The manager is shown with the Access Control Panel in view. Use the Access Control Panel to define a new "Target" for each "CloudShark Appliance" to connect to. A "Target" is a configured access control group that defines how a network packet capture is uploaded to a "CloudShark" host. Tool tips are also provided on the NST WUI for each component and action providing detailed information and usage.

NST CloudShark Upload Manager & Access Control Reference Diagram

NST CloudShark Upload Manager & Access Control Reference Diagram
NST CloudShark Upload Manager & Access Control Reference Diagram

 

NST CloudShark Upload Manager View Captures Reference Diagram

The diagram below references the "View Captures" selection pull down panel. The panel is composed of two (2) sections. One for actions and one for viewing previously uploaded captures. Each action is described in the diagram below. A "CloudShark Capture Upload History " widget is also shown which was revealed by clicking on the "View Capture Upload History List" action. One can then copy an individual capture access URL or all of them and then share this information via Email with a colleague for a joint capture protocol analysis session using a web browser.

When a new capture is successfully uploaded to a "CloudShark" host, it is also added to the "View Captures" panel for accessing it at a later time.

NST CloudShark View Captures Reference Diagram
NST CloudShark View Captures Reference Diagram

 

NST & CloudShark Use Case: Multi-Tap Network Packet Capture Setup

The network diagram below demonstrates how one could setup an NST system to perform a Multi-Tap Network Packet Capture session and use CloudShark Technology in the backend for capture storage, management and protocol analysis. In this example, Web Server 4 packets (Interface: p1p2) combined with All DMZ WAN packets (Interface: p5p1) will be captured by this Multi-Tap setup. This configuration can be useful for diagnosing both IPv4 Address and Port translations (i.e. NAT and PAT respectively) through the DMZ Firewall and also server response times for HTTP/HTTPS network traffic.

NST & CloudShark: Multi-Tap Network Packet Capture Setup
NST & CloudShark: Multi-Tap Network Packet Capture Setup

 

NST & CloudShark Use Case: Single-Tap Network Packet Capture Analysis In A Web Browser

The image below shows a CloudShark packet decode presented the Chrome web browser with the "Info" window pop-up highlighted. The "Comments" tab was selected and shows pertinent information describing the complete genesis of the capture including the capture filter and the command line used to generate it. This information was transmitted along with the capture upload process by the Nst CloudShark Upload Manager.

In the this example, an NST Single-Tap Network Packet Capture was uploaded to the CloudShark Appliance to collect DNS traffic in the DMZ.

NST & CloudShark: Single-Tap Network Packet Capture Analysis

 

NST & CloudShark Use Case - Graph Analysis: Captured Bytes vs Time

CloudShark - Graph Analysis: Captured Bytes vs Time