Profiles are a way to configure how a capture file is displayed and processed. Clicking the Profile button after opening a capture file will open the Profile Switcher, where a user can change the current profile.
Users can manage their saved profiles by opening the profile manager under Preferences -> Profiles in the upper right after logging in. Profiles can be named, given a description, and assigned to a group to share the profile with other users.
From the profile manager and the Preferences -> Uploads dialog a user can also select a default profile that will automatically be applied to uploaded capture files. An API token with upload permissions can also select a profile to be assigned to captures uploaded with that token.
Editing a profile from the Profile Switcher will, by default, set the new profile as a session profile. This profile will only be assigned to the current session. To update a profile or save this as a new profile, use the drop-down menu next to the Save button.
An Admin user can create new profiles and enable them as a System Profile. This makes the profile available to all users on the system.
The decoder window’s columns can be customized under the Columns tab in the Profile pop-up.
The annotation column is always first. Every other column can be changed by dragging it to or from the list of pre-defined columns. Custom columns based on user-specified fields can also be defined.
For example, to start using the TX Rate, just drag it from the list of additional columns into the list of displayed columns at the top. To create a custom column showing the SIP User Agent, assign a title and the field sip.User-Agent. The column order can be rearranged by dragging the column labels around. Click Add column to apply this custom column before you save. The new column will show the value of the field on any packets that have the field present.
See the Wireshark documentation for a full list of fields.
There is also a preset drop-down containing specialized analysis column profiles to choose from for different types of analysis. These include support for generic analysis, TCP sequence/ack analysis, wireless traffic and HTTP.
CloudShark Profiles also support decrypting various types of encrypted traffic:
The Decode Protocol As profile setting allows you to define custom rules for decoding protocols running on non-default ports. Up to ten unique and persistent custom protocol decode rules can be defined for each capture.
Each rule is characterized by three elements:
- field: e.g. tcp.port or udp.port
- value: any valid integer between 0 and 65535
- protocol: e.g. http or rtsp
For example, if a capture file contains HTTP traffic on the non-standard TCP port of 789, a custom rule could be added to automatically decode this traffic by setting field to tcp.port, value to 789 and protocol to http.
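For analysts who also inspect the same capture locally, the sketch below validates rules of this shape and prints the corresponding decode-as (`-d`) options for Wireshark's `tshark` command-line tool. It is an added example, not CloudShark code; the `field:value:protocol` rule syntax, the restriction to `tcp.port` and `udp.port`, and the file name `capture.pcap` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not CloudShark code). Rules are written "field:value:protocol",
# a syntax made up for this sketch, and become tshark "-d" (decode-as) options.
MAX_RULES=10   # the page allows up to ten rules per capture

# decode_as_args RULE...  -> prints tshark options, or returns 1 on a bad rule
decode_as_args() {
    if [ "$#" -gt "$MAX_RULES" ]; then
        echo "too many rules: $# (max $MAX_RULES)" >&2; return 1
    fi
    out=""
    for rule in "$@"; do
        case "$rule" in            # exactly three non-empty parts
            *:*:*:*|*::*|:*|*:) echo "malformed rule: $rule" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "malformed rule: $rule" >&2; return 1 ;;
        esac
        field=${rule%%:*}; rest=${rule#*:}
        value=${rest%%:*}; proto=${rest#*:}
        case "$field" in           # assumption: only the fields the page names
            tcp.port|udp.port) ;;
            *) echo "unsupported field: $field" >&2; return 1 ;;
        esac
        case "$value" in           # digits only, so the numeric test below is safe
            *[!0-9]*) echo "port is not an integer: $value" >&2; return 1 ;;
        esac
        if [ "${#value}" -gt 5 ] || [ "$value" -gt 65535 ]; then
            echo "port out of range: $value" >&2; return 1
        fi
        case "$proto" in           # keep the name to characters safe on a command line
            *[!a-z0-9_.-]*) echo "bad protocol name: $proto" >&2; return 1 ;;
        esac
        out="$out${out:+ }-d $field==$value,$proto"
    done
    printf '%s\n' "$out"
}

# The page's example: HTTP on TCP port 789. capture.pcap is a placeholder name.
#   tshark -r capture.pcap $(decode_as_args tcp.port:789:http)
decode_as_args tcp.port:789:http
```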
The Protocol Preferences profile setting allows specific low-level protocol preferences to be set for an individual capture file.
These protocol preferences can be modified to affect behaviors like subdissector reassembly, de-segmenting TCP streams, or enabling the calculation of checksums. Any advanced dissector preference can be set. Preferences are easily searchable and there is documentation displayed for each field.
CloudShark also provides a mechanism for setting system-wide preferences that apply default options to each file on the system.
The Protocol Toggles section allows you to disable or enable specific protocols.
Debugging an issue at one protocol layer is often cluttered by the upper-layer protocols decoded for the same packet. This happens a lot when debugging TCP issues on an HTTP conversation.
Here’s an example of a TCP conversation with the HTTP analysis layer turned off!