Profiles are a way to configure how a capture file is displayed and processed.
The decoder window’s columns can be customized under the Columns tab in the Profile pop-up.
The annotation column is always first. Every other column can be changed by dragging it to or from the list of pre-defined columns. Custom columns based on user-specified fields can also be defined.
For example, to start using the TX Rate, just drag it from the list of additional columns into the list of displayed columns at the top.
To create a custom column showing the SIP User Agent, assign a title and the field sip.User-Agent. The column order can be rearranged by dragging the column labels around. Click Add column to apply this custom column before you save. The new column will show the value of the field on any packets that have the field.
See the Wireshark documentation for a full list of fields.
There is also a preset drop-down containing specialized analysis column profiles to choose from for different types of analysis. These include support for generic analysis, TCP sequence/ack analysis, wireless traffic and HTTP.
CloudShark Profiles also support decrypting various types of encrypted traffic:
- TLS Decryption: Decrypt TLS encrypted traffic.
- Wireless Decryption: Decrypt WPA encrypted Wireless traffic.
The Decode Protocol As profile setting allows you to define custom rules for decoding protocols running on non-default ports. Up to ten unique and persistent custom protocol decode rules can be defined for each capture.
Each rule is characterized by three elements:
- field: e.g. tcp.port or udp.port
- value: any valid integer between 0 and 65535
- protocol: e.g. http or rtsp
For example, if a capture file contains HTTP traffic on the non-standard TCP port of 789, a custom rule could be added to automatically decode this traffic by setting field to tcp.port, value to 789 and protocol to
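The three rule elements described above map directly onto the `-d` (decode-as) option of Wireshark's tshark, which is useful when the same capture has to be re-examined offline. The following is an added example, not CloudShark code: the function name, the restriction to the two fields named on this page, and the treatment of a repeated field/value pair as a conflict are assumptions.

```python
import re

ALLOWED_FIELDS = {"tcp.port", "udp.port"}  # assumption: only the fields this page names
MAX_RULES = 10                             # per-capture limit stated on this page
PROTO_RE = re.compile(r"[a-z0-9_.-]+")     # conservative pattern for dissector names


def decode_as_args(rules):
    """Convert (field, value, protocol) rules into tshark '-d' arguments.

    Raises ValueError for an unknown field, a port outside 0-65535,
    a malformed protocol name, a repeated field/value pair, or more
    than MAX_RULES rules.
    """
    if len(rules) > MAX_RULES:
        raise ValueError(f"at most {MAX_RULES} rules per capture")
    seen, args = set(), []
    for field, value, protocol in rules:
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unsupported field: {field!r}")
        # bool is a subclass of int, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"value must be an integer: {value!r}")
        if not 0 <= value <= 65535:
            raise ValueError(f"value out of range 0-65535: {value}")
        proto = str(protocol).strip().lower()
        if not PROTO_RE.fullmatch(proto):
            raise ValueError(f"invalid protocol name: {protocol!r}")
        if (field, value) in seen:
            # Two rules for one selector would contradict each other
            raise ValueError(f"duplicate rule for {field}=={value}")
        seen.add((field, value))
        args += ["-d", f"{field}=={value},{proto}"]
    return args


def tshark_command(capture_path, rules):
    """Build a full argv list; pass it to subprocess.run() to execute."""
    return ["tshark", "-r", capture_path, *decode_as_args(rules)]


if __name__ == "__main__":
    # Constructed sample: the page's HTTP-on-port-789 rule plus an RTSP rule
    sample = [("tcp.port", 789, "http"), ("tcp.port", 8554, "RTSP")]
    print(" ".join(tshark_command("capture.pcap", sample)))
```

Building the command as an argument list rather than a shell string keeps a rule value from being interpreted by the shell.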
The Protocol Preferences profile setting allows specific low-level protocol preferences to be set for an individual capture file.
These protocol preferences can be modified to affect behaviors like subdissector reassembly, de-segmenting TCP streams, or enabling the calculation of checksums. Any advanced dissector preference can be set. Preferences are easily searchable and there is documentation displayed for each field.
CloudShark also provides a mechanism to set system-wide preferences that apply default options to each file on the system.
Debugging an issue at one protocol layer is often cluttered by the upper-layer protocols decoded for the same packet. This happens a lot when debugging TCP issues on an HTTP conversation.
Here’s an example of a TCP conversation with the HTTP analysis layer turned off!