This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What are your favorite or most useful color rules?

Besides the included defaults, what rules are most useful in troubleshooting and quickly identifying issues?

asked 13 Sep '10, 06:04

Peter

A screenshot of the profile would be a good thing to have in here. Thanks, A Friend From Portugal, Mr_Chmod

(12 Jan '14, 07:39) mrchmod

Well - I'd change the TCP small window shown to "< 1460" on most networks... I'd move it (and most of the ones listed following this) above Bad TCP as well. I know Wireshark will place the Expert info in the Packet List Info column, so it's easy to see - I like the coloring to catch my eye.

We just opened up registration for a free course on Troubleshooting with Coloring Rules - www.chappellseminars.com/s-wiresharkcolors.html - October 19th. We announce it tomorrow during the Filtering course.

Adding coloring rules for HTTP error codes, SIP error codes, DNS error responses, 4 NOPs in a row in TCP options, DHCP declines, DNS replies with greater than 5 responses, large delta times in displayed packets... many many ideas. I have some coloring rules in the profiles downloads at www.wiresharkbook.com as well.

answered 14 Sep '10, 00:07

lchappell ♦
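
The rule ideas listed in the answer above, written out as a Wireshark `colorfilters` file (each rule line is `@name@display filter@[background r,g,b][foreground r,g,b]` with 16-bit color values). This is an added example, not part of the original post or of the profiles it links to; the rule names, the colors, the 1-second delta threshold and the RST exclusion on the window rule are assumptions.

```text
# Added example: custom coloring rules for a Wireshark profile.
# Rules are tested top to bottom and the first match colors the packet,
# so place these above the default "Bad TCP" rule.
# Colors are constructed sample values.

# Window below one full-size segment; RSTs excluded (assumption) because
# they normally carry a zero window.
@TCP small window@tcp.window_size < 1460 && tcp.flags.reset == 0@[65535,42405,0][0,0,0]

# Four NOP bytes (option kind 1) in a row in the TCP options.
@TCP 4 NOPs in options@tcp.options contains 01:01:01:01@[49151,32768,65535][0,0,0]

# HTTP 4xx and 5xx responses.
@HTTP errors@http.response.code >= 400@[65535,49151,49151][0,0,0]

# SIP 4xx, 5xx and 6xx responses.
@SIP errors@sip.Status-Code >= 400@[65535,55255,45000][0,0,0]

# DNS responses with a non-zero reply code.
@DNS errors@dns.flags.response == 1 && dns.flags.rcode != 0@[65535,65535,32768][0,0,0]

# DNS responses carrying more than 5 answer records.
@DNS many answers@dns.flags.response == 1 && dns.count.answers > 5@[52428,65535,52428][0,0,0]

# DHCP Decline (message type 4). Wireshark releases before 3.0 name this
# field bootp.option.dhcp instead.
@DHCP decline@dhcp.option.dhcp == 4@[32768,65535,65535][0,0,0]

# Gap of more than 1 second since the previous displayed packet
# (threshold is an assumption; tune it to the application).
@Large delta (displayed)@frame.time_delta_displayed > 1@[8738,8738,8738][65535,65535,65535]
```

The same filters can be entered one at a time under View > Coloring Rules instead of editing the file.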