User Guide

9.3. Packet colorization
A very useful mechanism available in Wireshark is packet colorization. You can set up Wireshark
so that it will colorize packets according to a filter. This allows you to emphasize the packets you
are usually interested in.
Tip!
You will find a lot of Coloring Rule examples at the Wireshark Wiki Coloring Rules
page at http://wiki.wireshark.org/ColoringRules.
To colorize packets, select the Coloring Rules... menu item from the View menu. Wireshark will
pop up the "Coloring Rules" dialog box as shown in Figure 9.1, “The "Coloring Rules" dialog box”.
Figure 9.1. The "Coloring Rules" dialog box
Once the Coloring Rules dialog box is up, there are a number of buttons you can use, depending on
whether or not you have any color filters installed already.
Note!
You will need to carefully select the order the coloring rules are listed (and thus
applied) as they are applied in order from top to bottom. So, more specific rules need to
be listed before more general rules. For example, if you have a color rule for UDP
before the one for DNS, the color rule for DNS will never be applied (as DNS uses UDP,
so the UDP rule will match first).
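The ordering rule in the note above, as an added example that is not part of the User Guide: it reads rules in the `@name@filter@[fg][bg]` line format of Wireshark's colorfilters file, applies them first-match-wins, and reports a specific rule listed below a more general one. The sample rules, the color values and the `LAYERS` map are constructed assumptions, and only bare protocol-name filters are handled, not full display filter expressions.

```python
import re

# Constructed sample: rules listed top to bottom, as in the dialog box.
SAMPLE_RULES = """\
# constructed sample, not from the User Guide
@UDP@udp@[0,0,0][56797,60909,65535]
@DNS@dns@[0,0,0][65535,62451,54998]
@HTTP@http@[0,0,0][58596,65535,51143]
@TCP@tcp@[0,0,0][59345,58980,65535]
"""

# Assumption: protocol -> protocols usually found beneath it in a packet.
LAYERS = {"dns": ["udp", "ip"], "http": ["tcp", "ip"], "udp": ["ip"], "tcp": ["ip"]}

# A leading "!" marks a disabled rule.
RULE_RE = re.compile(r"^(!?)@([^@]*)@(.*)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]$")

def parse_rules(text):
    """Return (name, filter, enabled) tuples in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m.group(2), m.group(3).strip(), m.group(1) != "!"))
    return rules

def first_match(rules, packet_protocols):
    """Name of the first enabled rule whose protocol is present in the packet."""
    for name, flt, enabled in rules:
        if enabled and flt in packet_protocols:
            return name
    return None

def shadowed(rules):
    """(specific, general) pairs where the general rule is listed first."""
    hits = []
    for i, (name, flt, enabled) in enumerate(rules):
        if not enabled:
            continue
        for g_name, g_flt, g_enabled in rules[:i]:
            if g_enabled and g_flt in LAYERS.get(flt, []):
                hits.append((name, g_name))
    return hits

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(first_match(rules, {"ip", "udp", "dns"}), shadowed(rules))
```

Moving the DNS line above the UDP line in the sample makes `shadowed()` return an empty list and colors a DNS packet with the DNS rule.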
If this is the first time you have used Coloring Rules, click on the New button, which will bring up
the Edit color filter dialog box as shown in Figure 9.2, “The "Edit Color Filter" dialog box”.
Figure 9.2. The "Edit Color Filter" dialog box
Customizing Wireshark