CloudShark is useful site that allows you to upload a pcap and share it with other people for collaborative efforts. Say you are troubleshooting a network issue over a conference call and need to share packet captures that were collected as the issue is happening. Or a team of network security analysts are working on a difficult analysis, and need to share the packets with someone from another location to assist them. Just drag and drop a packet capture into CloudShark and send the link to whomever needs to look at the capture. If they need to do more analysis (there are a limited number of online analysis tools built into CloudShark) they can click the download link and grab the pcap and open it up in their analysis tool of choice. There's even a plugin to allow you to upload a capture you're working on in WireShark (be aware that there's no proxy support that I've found).
The site is at http://www.cloudshark.org, and there is also a virtual image you can purchase and download to run on your own server or, order their appliance.
Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
No comments:
Post a Comment