What are your favorite or most useful color rules?

Besides the included defaults, what rules are most useful in troubleshooting and quickly identifying issues?

asked 13 Sep '10, 06:04 Peter
One Answer:
Well - I'd change the TCP small window shown to "< 1460" on most networks... I'd move it (and most of the ones listed following this) above Bad TCP as well. I know Wireshark will place the Expert info in the Packet List Info column, so it's easy to see - I like the coloring to catch my eye.

We just opened up registration for a free course on Troubleshooting with Coloring Rules - www.chappellseminars.com/s-wiresharkcolors.html - October 19th. We announce it tomorrow during the Filtering course.

Adding coloring rules for HTTP error codes, SIP error codes, DNS error responses, 4 NOPs in a row in TCP options, DHCP declines, DNS replies with greater than 5 responses, large delta times in displayed packets... many many ideas. I have some coloring rules in the profiles downloads at www.wiresharkbook.com as well.

answered 14 Sep '10, 00:07 lchappell ♦
A screenshot of the profile would be a good thing to have in here. Thanks, A Friend From Portugal, Mr_Chmod