Profiles

Profiles are a way to configure how a capture file is displayed and processed. Clicking the Profile button after opening a capture file will open the Profile Switcher, where a user can change the current profile.

Profile Types

There are two main types of profiles, Session and Saved, described below.

Session

From the Profile Switcher, editing a profile will default to setting the new profile as a session profile. This profile will only be assigned to the current session. To update a profile or save this as a new profile, use the drop-down menu next to the Save button.

Saved

Users can manage their saved profiles by opening the profile manager under Preferences -> Profiles in the upper right after logging in. Profiles can be named, given a description, and assigned to a group to share the profile with other users.

From the profile manager and the Preferences -> Uploads dialog a user can also select a default profile that will automatically be applied to uploaded capture files. An API token with upload permissions can also select a profile to be assigned to captures uploaded with that token.

Provided by CloudShark

The built-in profiles provided by CloudShark are pre-loaded on the system. They cannot be removed or changed. To modify a built-in profile, edit it and save it as a new profile.

Owned by me

These are the profiles that you have created. You can share these with a group that you belong to. Other group members may optionally be allowed to modify the profile.

Shared with me

Profiles shared with you by other users are listed in this section. Depending on the permissions given to the group by the owner, you may have read-only or read-write permissions to modify the profile.

System-wide

An Admin user can create new profiles and enable them as a System Profile. This makes the profile available to all users on the system.

Profile Settings

This section describes all of the settings that can be configured in a profile.

Custom Columns

The decoder window’s columns can be customized under the Columns tab in the Profile pop-up.

The annotation column is always first. Every other column can be changed by dragging it to or from the list of pre-defined columns. Custom columns based on user specified fields can also be defined.

For example, to start using the TX Rate, just drag it from the list of additional columns into the list of displayed columns at the top. To create a custom column showing the SIP User Agent, assign a title and the field sip.User-Agent. The column order can be rearranged by dragging the column labels around. Click Add column to apply this custom column before you save. The new column will show the value of the field on any packets that have the field present.

See the Wireshark documentation for a full list of fields.

There is also a preset drop-down containing specialized analysis column profiles to choose from for different types of analysis. These include support for generic analysis, TCP sequence/ack analysis, wireless traffic and HTTP.

Saved Display Filters

To save users time and effort, frequently used display filters can be saved under the Filters tab in the Profile pop-up. When viewing a capture, the saved display filters from the profile can be applied using the Filters button next to the display filter box.

Saved display filters can be organized by using // in the Title to create nested display filter menus. For example, creating two filters with the titles Layer 4//TCP and Layer 4//UDP will group the TCP and UDP filters under the Layer 4 nested menu.

Packet Decryption

CloudShark Profiles also support decrypting various types of encrypted traffic:

Decode As

The Decode Protocol As profile setting allows you to define custom rules for decoding protocols running on non-default ports. Up to ten unique and persistent custom protocol decode rules can be defined for each capture.

Each rule is characterized by three elements:

  • field: e.g. tcp.port or udp.port
  • value: any valid integer between 0 and 65535
  • protocol: e.g. http or rtsp

For example, if a capture file contains HTTP traffic on the non-standard TCP port of 789, a custom rule could be added to automatically decode this traffic by setting field to tcp.port, value to 789 and protocol to http.
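The following is an added example, not CloudShark code: it checks a Decode As rule set against the constraints described above and renders the equivalent `tshark -d` arguments. The function names, the restriction to `tcp.port` and `udp.port`, and the rule that one selector maps to only one protocol are assumptions made for the example.

```python
MAX_RULES = 10  # the page allows up to ten rules per capture
# Assumption: only the two selector fields the page names are accepted.
ALLOWED_FIELDS = {"tcp.port", "udp.port"}


def validate_rules(rules):
    """Return validated (field, port, protocol) tuples, exact duplicates removed."""
    by_selector = {}
    for rule in rules:
        field = str(rule["field"]).strip().lower()
        protocol = str(rule["protocol"]).strip().lower()
        port = rule["value"]
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unsupported field: {field!r}")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(port, bool) or not isinstance(port, int):
            raise ValueError(f"port must be an integer: {port!r}")
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        # A comma or whitespace would corrupt the rendered -d argument.
        if not protocol or any(c.isspace() or c == "," for c in protocol):
            raise ValueError(f"invalid protocol name: {protocol!r}")
        previous = by_selector.setdefault((field, port), protocol)
        if previous != protocol:
            # Assumption: one selector may map to only one protocol.
            raise ValueError(f"{field}=={port} already decodes as {previous}")
    if len(by_selector) > MAX_RULES:
        raise ValueError(f"{len(by_selector)} rules exceed the limit of {MAX_RULES}")
    return [(f, p, proto) for (f, p), proto in by_selector.items()]


def to_tshark_args(validated):
    """Render validated rules as tshark 'Decode As' command-line arguments."""
    args = []
    for field, port, protocol in validated:
        args += ["-d", f"{field}=={port},{protocol}"]
    return args


# Constructed sample: the page's HTTP-on-789 rule, an exact duplicate of it
# written in different case, and a second constructed rule.
SAMPLE = [
    {"field": "tcp.port", "value": 789, "protocol": "http"},
    {"field": "TCP.port", "value": 789, "protocol": "HTTP"},
    {"field": "udp.port", "value": 15060, "protocol": "sip"},
]

if __name__ == "__main__":
    print(" ".join(to_tshark_args(validate_rules(SAMPLE))))
```

Rejecting a conflicting second rule for the same port, instead of silently keeping the last one, makes it obvious when two analysts' rules disagree about what runs on that port.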

Protocol Preferences

The Protocol Preferences profile setting allows specific low-level protocol preferences to be set for an individual capture file.

These protocol preferences can be modified to affect behaviors like subdissector reassembly, de-segmenting TCP streams, or enabling the calculation of checksums. Any advanced dissector preference can be set. Preferences are easily searchable and there is documentation displayed for each field.

CloudShark also provides a mechanism to set system-wide preferences that apply default options to each file on the system.

Protocol Toggles

The Protocol Toggles section allows you to disable or enable specific protocols.

Debugging an issue at one protocol layer is often cluttered by the upper-layer protocols decoded for the same packet. This happens a lot when debugging TCP issues on an HTTP conversation.

Here’s an example of a TCP conversation with the HTTP analysis layer turned off!