QA Cafe Network Analysis Solutions - CloudShark Enterprise and Packet Viewer

The #NDR platform that wins the #AI race will not just tell users what is happening. They will show them. #wireshark #pcaps #cybersecurity

Where Network and Detection Response (#NDR) platforms once focused on collecting and presenting #cybersecurity data, perhaps with statistical insights, alerts, and dashboards, they are now driven by #AI. Your AI solution processes detections, performs behavioral analytics, and produces automated insights that sit at the center of the modern product experience. But even with the most powerful and trained AI analysis, your customers need proof that the analysis was correct, and evidence to support it when they have to pass things up the chain. When your platform makes a claim, users want to understand it. When it flags a threat, they want to verify it. When it prioritizes an issue, they want to see the evidence behind that decision. That proof is in the network packet captures. Find more at: https://lnkd.in/er8A9TCZ

After getting an analysis report from your dashboard or AI tools, your customers still need to connect the dots. To get to the real evidence they need, they will pivot between packet lists, conversations, protocol stats, and diagrams, all while trying to keep the same data in mind. Packet Viewer already lets you apply filters for your customers based on the insights from your tools.  Release 2026.03 introduces Analyst View: a single, unified workspace where every view stays in sync. The new Analyst View brings together a curated set of Packet Viewer tools into a single component, all connected through a shared display filter. Apply a filter once, and it connects everywhere: - Packet List - Ladder Diagram - Conversations - Endpoints - Protocol Hierarchy - DNS There’s no additional wiring required. Everything stays aligned automatically. This changes how users investigate traffic. Instead of jumping between disconnected views, they explore the same slice of data from multiple perspectives at once. Move from overview to packets without losing context Clicking on an entry in any tab, whether it’s a conversation, endpoint, or protocol, takes the user directly back to the packet list with the appropriate display filter applied. Users move fluidly between: - High-level summaries - Protocol-specific views - Individual packets All within the same investigative flow. Extending filtering across the API This release also expands filtering beyond the UI. The Deep Packet API now supports display filters across key endpoints, including conversations, protocol endpoints, protocol hierarchy, HTTP requests, and HTTP objects API calls. This means that the great AI analysis and automation that you built for your customers can operate on the same filtered dataset as the UI. Built for real analysis workflows Analyst View reflects how users actually work: 1. Start with a hypothesis 2. Apply a filter 3. Explore multiple perspectives 4. Drill into specific packets Now the entire workflow happens in a single, cohesive component. Check it out!

Why use Wireshark filters across your entire capture set? Wireshark is powerful because it understands thousands of protocols and gives you access to every field inside every packet. Once you open a capture, you can use display filters to zero in on almost anything. By using those Wireshark filters at the search level, you can identify files that contain packets that match the filter you used, directly searching on things like: - Specific IP addresses - A SIP Call-ID - Domains of a DNS query - Failed or suspicious TLS handshakes - Non-standard protocols running over an expected port - TCP timing problems, resets, and congestion - Contents of a conversation - Decrypted text - More deep stuff! Instead of trying to find the correct file before searching, you just search. CloudShark Enterprise finds every instance of that IP, query string, or protocol, across every capture, regardless of when or where it was collected. Because it uses the full power of Wireshark display filters, you can: - Use regular expressions - Perform mathematical comparisons (e.g., frame.len > 1500) -Search by protocol presence or absence - Combine with AND/OR logic across multiple layers Packet captures can come from all over your organization: firewalls, probes, branch offices, customer sites, and developer tools. As a result, teams often end up with thousands of files collected from different systems, teams, and times. Navigating that with filter-level search capability is incredibly powerful. That’s what solving the “needle in the haystack” problem looks like: comprehensive, scalable visibility that meets the speed of your investigation. Revisiting the past to solve the present Another common situation: What if an issue pops up today, but there’s a nagging suspicion you’ve seen something like it before? Maybe it’s a misbehaving application, a burst of strange DNS queries, or a short-lived connection to an unfamiliar domain. It was small enough to ignore at the time, but now, it might be part of a larger pattern. If you regularly store your packet capture data for historic forensic data, that traffic is likely still in your archive. But without a way to search broadly across your historical data, that insight stays buried. The ability to perform a historical search turns every investigation into a richer story. You’re no longer just reacting to what’s in front of you; you’re identifying patterns, detecting trends, and building context from weeks or months of network activity. Exploring Deep Search on your own data This is packet search at enterprise scale, designed for teams who need fast, comprehensive answers, even when their capture environment is massive, distributed, and complex. If you’re drowning in PCAP files from all over the place with no way to handle them, let us show you a demo of CloudShark Enterprise.

When your customers are analyzing a handshake, a request/response exchange, or a repeated transaction, absolute timestamps and long idle gaps can make timing interpretation difficult. Packet Viewer 2026.02 introduces a simple but powerful way to solve that problem. Customers can now mark any packet as a Time Reference and instantly recalculate relative timestamps from that point forward. This gives your users precise control over timing context without exporting data or manually calculating offsets. This helps with: Isolating transaction timing: Mark the first packet of a handshake or request/response pair to measure each step independently of surrounding traffic. Comparing repeated exchanges: Set a reference at the start of each occurrence to compare timing across repeated protocol transactions. Skipping idle gaps: Mark the first packet after a long gap to read timing relative to when activity resumed. This is just one of several improvements in Packet Viewer 2026.2. Time References dramatically improve how users reason about timing in complex traces. Instead of analyzing around the traffic, they can analyze from the event that matters.

You can’t solve what you can’t see. Dashboards are helpful, but they’re just summaries. AI models can highlight anomalies, but they’re only as good as their training data. The #pcap remains the ultimate source of truth for network and security analysis, and working with those massive captures has been frustratingly inefficient. With Large File Support and Deep Search, CloudShark Enterprise finally makes the “too big to open” problem disappear. https://lnkd.in/ekd-JfWb

CloudShark Enterprise 5.1 introduces the Deep Packet API. Instead of treating packet analysis as a human-only activity, the platform exposes real analysis functionality via an API endpoint, enabling enterprise systems to trigger, consume, and operationalize packet-level insights programmatically to: - Automate repetitive packet analysis tasks triggered by alerts, incidents, or changes - Integrate packet-level insight into SIEM, SOAR, NMS, and internal tooling - Build custom workflows that analyze pcaps programmatically - Reduce time spent on manual inspection while keeping packet data as a first-class source of truth - Enable AI agents to autonomously investigate incidents and execute remediation by providing packet-level visibility into network behavior This makes packet analysis something your systems can do, rather than simply providing pcap data to analysts using Wireshark. https://lnkd.in/einby68E

How do *you* use very-large captures? If the answer is "I don't," even though they have everything you need to resolve network or cybersecurity issues, why not? CloudShark Enterprise was designed to streamline packet analysis at scale, allowing teams to work from a central, on-premises environment that delivers fast, browser-based access to captures that come from multiple sources without ever moving data to endpoints. Large File Support expands that foundation with new workflows that solve the “too big to open” problem at every stage. Check out Zach's full overview - and how to make large captures useful - here: https://lnkd.in/e-65DbrE

One of the biggest sources of friction in packet analysis is knowing which IP address is which host. The latest Packet Viewer supports Name Resolution, showing hostnames instead of IPs directly in every analysis view. *Turn raw addresses into meaningful context* With Name Resolution enabled, Packet Viewer replaces IP addresses with hostnames throughout the UI. Your customers immediately recognize familiar systems and services when analyzing traffic. Name Resolution works with multiple real-world sources of truth: - Hosts files for static or environment-specific mappings - PCAP-ng name resolution blocks embedded in capture files - DNS packets captured directly in the trace By resolving names directly inside packet analysis, users can: - Identify systems and services at a glance - Understand traffic relationships without context switching - Move from packet capture to meaningful analysis more quickly This is especially valuable in cloud-managed networking and security workflows, where analysts move rapidly between dashboards, alerts, and packet-level evidence. Context stays intact instead of disappearing at the packet layer. *Optional port name resolution* Packet Viewer also supports optional port name resolution, translating port numbers into service names like http or ssh. Most teams leave this disabled since port numbers are already familiar, but it's there when you need the extra readability *Built for real analysis workflows* Name Resolution integrates cleanly across Packet Viewer’s views and respects existing analysis practices, so users can move faster without losing accuracy.

#cybersecurity teams face constant pressure to demonstrate that their tools, processes, and dependencies comply with internal policies and external regulations. That pressure increasingly lands on procurement workflows, not just the tools themselves. Regulations around software supply chain security expect organizations to demonstrate visibility into the software they deploy, not just the data they protect. Packet analysis platforms touch sensitive data and sit at the center of investigations, incidents, and audits. Many teams still rely on open-source tools that lack transparency - creating friction with procurement, IT security, and compliance teams. We're publishing an SBOM for CloudShark Enterprise because your purchasing process now expects it, and we want to make approval faster, not harder. https://lnkd.in/eWAQfsyy