Haven’t got one of our snazzy CloudShark P-Caps yet? Well, how good are your dissector skills?
One of the tools we added in CloudShark 1.7 is the protocol hierarchy tool. Similar to that found in Wireshark, the CloudShark protocol hierarchy tool also lets you click on a given protocol and automatically creates a filter for you based on the packets called out in the hierarchy.
We’ve been playing around with it and realized that some protocol stacks can be pretty deep. The deepest one we had so far was this RTCP stream here:
Which is about 6 layers deep (not counting the checksum).
Oh and one more thing; since you’ll be uploading a single packet, you may need to apply a “decode as” rule to your capture as well - just let us know what rule you applied (since saving the rule is only available for users of the CloudShark Appliance.
Have fun and happy packet surfing!