As you know, the nBox includes a small web-based tool that allows you to preview pcap contents. This tool is good for having an idea of what a pcap contains but it not a fully fledged application. On the other hand CloudShark is the leading application for analysing traffic traces, and thus we have decided to leverage on it for offering the cheapest and most powerful solution for traffic-to-disk and pcap visualisation on the cloud.
From the nBox to the CloudShark Appliance
CloudShark is available as a VM or physical appliance that you can install anywhere on your network or on the cloud.
The nBox features a preference page where you can insert the credentials of the appliance once. Done that you are ready to use it.
As soon as you have captured a pcap file on the nBox, you click on the “Upload to CloudShark” button and the nBox will upload the file onto it. As uploading a large file can take a while in particular over the Internet, the nBox performs this operation in background and notifies you when a task is completed. Done that your pcap file is available on CloudShark and you can go though it using a browser or even a tablet.
Below you can find further examples of how this integration has been carried on. Do not forget that with the nBox, in addition to CloudShark, you can also reproduce the same pcap (or set of pcaps, even TBytes of traffic) on a network interface connected to your nBox using disk2n, or visualise pcaps using ntopng installed on the same nBox.
Many thanks to the CloudShark team for their support!
PS. If you are a fan of Wireshark and ntop, make sure you attend the Sharkfest 2014, as the ntop team will be there.