Taking packet captures to the next level
One of the most compelling benefits of cloud networking has to be the ability to troubleshoot technical issues remotely. Network engineers out there know that obtaining packet captures, an essential tool in the troubleshooting arsenal, can quickly consume time and money when supporting remote offices. Traditionally, an engineer needs to be physically present where the data is moving in order to “tap the wire” and capture detailed traffic for analysis.
In 2012 we solved this problem by giving engineers the ability to take detailed short-burst packet captures on any device in any location served by Cisco Meraki equipment. Combined with our remote cable testing feature, packet capture in the Cisco Meraki dashboard makes it far simpler to support networks on branch sites where dedicated IT resources may not be available.
The basic results of packet captures can be presented directly in the dashboard, but for more thorough data analysis, a .pcap file can be downloaded onto the engineer’s computer and opened with software like Wireshark (formerly known as Ethereal). If you haven’t worked with one before, you’ll be amazed at the detail contained in a .pcap file. It reveals everything that is passing through—from soup to nuts.
Now we’ve gone a step further and removed the need for local software by working with a new cloud service called CloudShark. Detailed packet captures can now be displayed directly in a web browser on any device.
Using CloudShark with Merkai is super easy. By default, any capture sent to the service is immediately viewable in the browser on CloudShark’s own website. If you’re already familiar with Wireshark, you’ll be right at home here. Here’s a sample :
If all of this detail looks overwhelming, the service includes analysis tools for helping you find that elusive needle in a haystack.
CloudShark also offers the option to host its software locally on your own server. This provides significant additional benefits, useful in larger organizations where many captures may be taken routinely and there may be a requirement to retain this data for future use or compliance purposes. With CloudShark’s Appliance software you can
- Build a searchable repository of capture files
- Tag captures to associate them to a location, device or trouble/support ticket
- Annotate packets and captures
- Securely collaborate on encrypted packet captures
- Manage user access, even integrating with LDAP/AD
Setting up an Appliance is easy, just download it and install. Add the URL and unique API token to the Cisco Meraki dashboard, and all captures will go directly from the Cisco Meraki cloud to the CloudShark Appliance, encrypted all the way from your Access Point, Security Appliance, or Switch.