User Guide
Customizing Wireshark
• e epoch, which specifies that timestamps are seconds since epoch
(Jan 1, 1970 00:00:00)
-v The -v option requests Wireshark to print out its version
information and exit.
-w <savefile> This option sets the name of the savefile to be used when saving
a capture file.
-y <capture link type> If a capture is started from the command line with -k, set the data
link type to use while capturing packets. The values reported by -L are the values that
can be used.
-X <eXtension option> Specify an option to be passed to a TShark module. The eXtension
option is in the form extension_key:value, where extension_key can
be:
lua_script:lua_script_filename, which tells Wireshark to load the given
script in addition to the default Lua scripts.
-z <statistics-string> Get Wireshark to collect various types of statistics and display the
result in a window that updates in semi-real time. XXX - add more
details here!
10.3. Packet colorization
A very useful mechanism available in Wireshark is packet colorization. You can set up Wireshark so that
it will colorize packets according to a filter. This allows you to emphasize the packets you are (usually)
interested in.
Tip!
You will find a lot of Coloring Rule examples at the Wireshark Wiki Coloring Rules page
at http://wiki.wireshark.org/ColoringRules.
There are two types of coloring rules in Wireshark: temporary ones that are only used until you quit the
program, and permanent ones that are saved to a preference file so that they are available in the next
session.
Temporary coloring rules can be added by selecting a packet and pressing the <ctrl> key together with one
of the number keys. This will create a coloring rule based on the currently selected conversation. It will
try to create a conversation filter based on TCP first, then UDP, then IP and finally Ethernet. Temporary
filters can also be created by selecting the "Colorize with Filter > Color X" menu items when right-clicking
in the packet-detail pane.
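The fallback order described above (TCP, then UDP, then IP, then Ethernet) can be sketched as follows. This is an added illustration, not Wireshark's own code: the function names, the dictionary keys and the exact filter text are assumptions of this example, and the sample packets are constructed.

```python
# Added illustration of the layer fallback used for a temporary coloring rule.
# Assumption: a packet is a dict keyed by display-filter-style field names.
# Assumption: the filter text is modeled on a typical conversation filter.

def _pair(field, a, b):
    """Match both endpoints of a conversation on one field."""
    return f"{field} eq {a} and {field} eq {b}"


def conversation_filter(pkt):
    """Return (layer, display_filter) for the most specific layer present."""
    ip = None
    if "ip.src" in pkt and "ip.dst" in pkt:
        ip = _pair("ip.addr", pkt["ip.src"], pkt["ip.dst"])

    # TCP is tried first, then UDP; both need the IP endpoints as well.
    for proto in ("tcp", "udp"):
        src = pkt.get(f"{proto}.srcport")
        dst = pkt.get(f"{proto}.dstport")
        if ip and src is not None and dst is not None:
            return proto, f"({ip}) and ({_pair(proto + '.port', src, dst)})"

    # No transport ports: fall back to the IP conversation.
    if ip:
        return "ip", ip

    # Non-IP frame (for example ARP): fall back to the Ethernet addresses.
    if "eth.src" in pkt and "eth.dst" in pkt:
        return "eth", _pair("eth.addr", pkt["eth.src"], pkt["eth.dst"])

    return None, None


# Constructed sample packets (documentation address ranges).
ETH = {"eth.src": "00:00:5e:00:53:01", "eth.dst": "00:00:5e:00:53:02"}
IP = {**ETH, "ip.src": "192.0.2.10", "ip.dst": "198.51.100.7"}
SAMPLES = {
    "https": {**IP, "tcp.srcport": 51514, "tcp.dstport": 443},
    "dns": {**IP, "udp.srcport": 40000, "udp.dstport": 53},
    "icmp": dict(IP),
    "arp": dict(ETH),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        layer, flt = conversation_filter(pkt)
        print(f"{name:6} -> {layer}: {flt}")
```
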
To permanently colorize packets, select the Coloring Rules... menu item from the View menu; Wireshark
will pop up the "Coloring Rules" dialog box as shown in Figure 10.1, “The "Coloring Rules" dialog box”.