HowTo Use The NST CloudShark Upload Manager

From NST Wiki
Revision as of 09:18, 12 September 2012 by Rwh (talk | contribs) (NST & CloudShark Use Case: Single-Tap Network Packet Capture Analysis In A Web Browser)
Jump to navigationJump to search

Overview

The NST project team has worked with the "CloudShark" folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. CloudShark technology allows network packet captures generated by an NST system to be imported, viewed, analyzed and shared from anywhere with a Web browser. CloudShark also provides a organized comprehensive method for storing and retrieval of all of your network packet captures.

NST CloudShark Upload Manager Reference Diagrams

The NST WUI has an integrated "CloudShark Upload Manager" network tools widget for managing the process of transferring a network packet capture to either "CloudShark.org" or a "CloudShark Appliance". The Upload Manager can be configured for either manual or automatic capture uploading and viewing.

One can manually bring up the CloudShark Upload Manager widget through the NST Navigation Menu (i.e. Tools => Network Widgets => CloudShark Upload Manager). All NST WUI pages that can generate a network packet capture can also bring up this widget after a capture has been obtained (i.e., Currently, both the Single and Multi-Tap Network Packet Capture pages as well as the Network ARP Scanner page have this capability.). If the "Automatic Upload Option" is enabled, then the CloudShark Upload Manager's internal transfer process is only used without actually bringing up the widget when uploading a capture from these pages. If the "View Option" is also enabled, then your browser will automatically open up a new tab/window and try to "View" the newly uploaded capture on the associated "CloudShark" host after the capture was successfully transferred.

The diagram below references each component and action available on the CloudShark Upload Manager widget. The manager is shown with the Access Control Panel in view. Use the Access Control Panel to define a new "Target" for each "CloudShark Appliance" to connect to. A "Target" is a configured access control group that defines how a network packet capture is uploaded to a "CloudShark" host. Tool tips are also provided on the NST WUI for each component and action providing detailed information and usage.

NST CloudShark Upload Manager & Access Control Reference Diagram

NST CloudShark Upload Manager & Access Control Reference Diagram

 

NST CloudShark Upload Manager View Captures Reference Diagram

The diagram below references the "View Captures" selection pull down panel. The panel is composed of two (2) sections. One for actions and one for viewing previously uploaded captures. Each action is described in the diagram below. A "CloudShark Capture Upload History " widget is also shown which was revealed by clicking on the "View Capture Upload History List" action. One can then copy an individual capture access URL or all of them and then share this information via Email with a colleague for a joint capture protocol analysis session using a web browser.

When a new capture is successfully uploaded to a "CloudShark" host, it is also added to the "View Captures" panel for accessing it at a later time.

NST CloudShark View Captures Reference Diagram

 

NST & CloudShark Use Case: Multi-Tap Network Packet Capture Setup

The network diagram below demonstrates how one could setup an NST system to perform a Multi-Tap Network Packet Capture session and use CloudShark Technology in the backend for capture storage, management and protocol analysis. In this example, Web Server 4 packets (Interface: p1p2) combined with All DMZ WAN packets (Interface: p5p1) will be captured by this Multi-Tap setup. This configuration can be useful for diagnosing both IPv4 Address and Port translations (i.e. NAT and PAT respectively) through the DMZ Firewall and also server response times for HTTP/HTTPS network traffic.

NST & CloudShark: Multi-Tap Network Packet Capture Setup

 

NST & CloudShark Use Case: Single-Tap Network Packet Capture Analysis In A Web Browser

The image below shows a packet decode using CloudShark within the Chrome web browser. The "Info" window pop-up is also shown. The Nst CloudShark Upload Manager also transfers pertinent information describing the complete genesis of the capture including the capture filter and command line used to generate it so that it can then be populated into the "Comments" tab.

NST & CloudShark: Single-Tap Network Packet Capture Analysis

 

NST & CloudShark Use Case - Graph Analysis: Captured Bytes vs Time

CloudShark - Graph Analysis: Captured Bytes vs Time