LMTV with Christian Ferenz - Why you need a modern Packet Broker – The evolution of Packet Broker features!
Solving Network Issues - Machine Learning - The IT Sorcerer’s Apprentice! (by John Kerber)

4 Ways to Transform Your Packet Capture Workflow (by Zach Chadwick)

When there is a technical problem here at QA Cafe, like you, we go straight to the packets.

 

We’ve been building test solutions for network devices since CDRouter debuted in 2002. Over that time we have learned that the sooner you can put a trace file of a problem in front of someone, the sooner they’ll be able to give you an answer about it.

 

CloudShark Enterprise grew out of our own need to manage and communicate around network capture files. Along the way we’ve learned some best practices for packet capture management. By prioritizing sharing and collaboration, these approaches will transform your workflow to make packet captures work for you.

  Cloudshark-gerald-quote

 

 #1: Keep all your important captures organized in one place

 Packet captures can come from anywhere in your network and it can be overwhelming dealing with files from so many different sources. Keeping any important PCAP files on a central server gives your team a single place to look whenever you need to find something. Everybody should have access to it through a web-browser, and features like sorting on metadata or searching should be fast and intuitive. 

 Read our full post for additional organizational tips like tagging and DeepSearch.

  

#2: Make Looking at Packet Captures Easy for Everyone

Gerald Combs, the creator of Wireshark, put it really well in one of his Sharkfest keynote speeches: Packet captures are often the last resort, when really they should be a first or second. To make packet captures the go-to first approach for understanding and solving networking problems, they need to be easier to open, look at, share, and use inside of existing communication tools.

By making capture files easier to get to and view through a regular old web-browser they can be used more, and integrated fluently into your existing communication tools like email, chat, and bug trackers. The more people have easy access to the PCAP data, the more your team can use them to solve problems.

 Try it: Click here to analyze a PCAP in your browser

 Cloudshark-workflow-diagram

#3. Bookmark your analysis for others

 Too often, pcap analysis involves asking someone to look over your shoulder to follow along, or at screenshots from someone else’s analyzer. Context is everything when dealing with packets, and a screenshot doesn’t provide enough of it.

By being able to bookmark, save, and share your analysis, anybody can come along and see exactly where you’ve left off without repeating the same steps on separate copy of the file. Linking directly to an analysis tool enables people to jump right into the middle of any problem.

Learn how we use URLs to link every aspect of packet analysis.

#4: Choose tools that play well with others

“Packets or it didn’t happen” is something we hear a lot. When you have an issue, it’s critical that all of your capture tools are able to send files directly to your central server for your analysts.

When looking at new capture tools, choose ones that provide hooks for integration with capture management platforms. Look at how each tool gets the packet data in front of a human being. Packets don’t help if you can’t see them.

Read more about the importance of having a reliable network-wide capture system.

 

Summary: Invest in your PCAP workflow!

 As a network engineer, PCAP files are one of your most powerful assets. They hold vital information to debug network problems, improve performance, and secure your business information. By keeping them organized and making them easier to access and share by every member of your team, you can reduce the time and effort needed to solve problems, and speed up the resolution of any network issues that come your way.

You can read the full version of this post on our blog over on cloudshark.org

 About CloudShark

CloudShark Enterprise by QA Cafe, is a packet capture repository, analysis tool, and collaboration platform that we built to solve the challenges faced in our own capture workflow. It uses Wireshark under the hood, but all you need is a web-browser.

We believe that being able to quickly share packet analysis in context, without friction, and across teams, changes packet captures from something that are too often a “last resort” to a resource that can be relied on to provide answers faster than before. CloudShark empowers your team to take network analysis to the next level.

Get in touch with our team to learn how we can help transform your network analysis workflow and get you and your team resolving issues faster than ever.

Visit us at https://www.cloudshark.org.


Zach_chadwick-150x150The Author - 
Zach Chadwick is the product manager and lead developer of CloudShark at QA Cafe, a dynamic software company out of Portsmouth, NH. In this position, he utilizes over 15 years of experience building network test and analysis solutions for the broadband, consumer, and enterprise networking communities. Through his passion for developing beautiful, easy to use software, Zach has become an expert in user experience design. He enjoys thinking about how to build tools that help people solve every day networking problems. When not at work, Zach likes playing with his dog Maddie who also comes to the office every day. Zach received his Bachelor of Computer Science from WPI in 2003.

 

Comments