Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Capture File Archive

From: Joe McEachern <joe@xxxxxxxxxx>
Date: Wed, 1 Aug 2012 16:06:00 -0400
Using your own instance of CloudShark would provide more control than using the existing cloudshark.org. We also have features in the appliance version that are turned off on cloudshark.org. But using the existing cloudshark.org is also an option.

Cloudshark is not a test tool so its not going to help with regard to backtraces, comparing versions of tshark, or fuzz testing. It could help with sharing and controlled access to capture files. The was the original motivation. I am not familiar with the entire wireshark-dev environment so I don't know the real pain points involved with sharing capture files.

We don't have an auto tag feature like pcapr.net to classify each capture file by protocol. But this is something that could be easily scripted.

Its certainly not meant to replace your BTS either. 

This is just an idea at this point. It sounds like it needs more debate, but we wanted to make the offer.

Regards,

--joe 

On Wed, Aug 1, 2012 at 1:29 PM, Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> wrote:
On Wed, Aug 01, 2012 at 10:51:29AM +0200, Kurt Knochner wrote:
>
> ==> Guy Harris wrote:
>
> > I don't know whether pcapr.net accepts files that aren't in pcap (or
>
> I mentioned pcapr just as an example. I think it would be better to
> host that archive in the wireshark.org domain.

Why? There's already existing webservice which is offering what we need,
with existing community, why we should have our own?

> What about having a cloudshark system for wireshark, like
> cloud.wireshark.org? This could be used as a repository for the
> cpature file archive.

I really don't see the point, there's already one -- pcapr,
If cloudshark guys/ you want to create another one feel free.

Actually it should be already doable by cloudshark guys.
They have all infrastucture for doing it.
Just add checkbox when uploading: [This capture file is public and licensed under public domain]

> As I mentioned, the guys at cloudshark.org (presumably) offered to
> provide a cloudshark system to the wireshark dev team.

I don't see much sense if you're targeting wireshark dev team, at least
for me:

- Is cloudshark offering any backtrace in case tshark terminated?

- Is cloudshark offering coverage information of protocols fields?
  (pcapr does: http://www.pcapr.net/browse/fields)

- Can I search for specific protocol field (not only protocol)?
  (pcapr can: http://www.pcapr.net/browse?field=104apci.apdulen)

- Can I compare output of tshark version A and tshark version B?
  (regression testing)

- Can I edit capture files with cloudshark, or use it for fuzz testing?

Cloudshark also won't help much with bugs fixing (which is why these captures files are in BTS)

I need to download capture file, patch wireshark, recompile, test if it's working, commit.

And if we're talking about using it for BTS, primary question is:
  does cloudshark use any sandboxing mechanism?


If you're targeting wireshark community it's another matter.
But what's the point having cloudshark.wireshark.org and cloudshark.org
which offers exactly the same service?


Cheers,
 Jakub.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe