Visualising n2disk Captured Traffic using CloudShark

Posted · Add Comment

Introduction


ntop users are familiar with n2disk and the nBox web interface that ease its use.

Show pcap files in a human readable format

Show pcap files in a human readable format

As you know, the nBox includes a small web-based tool that allows you to preview pcap contents.  This tool is good for having an idea of what a pcap contains but it not a fully fledged application. On the other hand CloudShark is the leading application for analysing traffic traces, and thus we have decided to leverage on it for offering the cheapest and most powerful solution for traffic-to-disk and pcap visualisation on the cloud.

 

From the nBox to the CloudShark Appliance


CloudShark is available as a VM or physical appliance that you can install anywhere on your network or on the cloud.

Cloudshark

 

The nBox features a preference page where you can insert the credentials of the appliance once. Done that you are ready to use it.

 

pcap uploaded to CloudShark

As soon as you have captured a pcap file on the nBox, you click on the “Upload to CloudShark” button and the nBox will upload the file onto it. As uploading a large file can take a while in particular over the Internet, the nBox performs this operation in background and notifies you when a task is completed. Done that your pcap file is available on CloudShark and you can go though it using a browser or even a tablet.

Example CloudShark

Below you can find further examples of how this integration has been carried on. Do not forget that with the nBox, in addition to CloudShark, you can also reproduce the same pcap (or set of pcaps, even TBytes of traffic) on a network interface connected to your nBox using disk2n, or visualise pcaps using ntopng installed on the same nBox.

Many thanks to the CloudShark team for their support!

PS. If you are a fan of Wireshark and ntop, make sure you attend the Sharkfest 2014, as the ntop team will be there.

This slideshow requires JavaScript.