This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

colouring HTTP requests in a pcap file

0

I'd like to color all the http requests in my pcap file in purple. I've added a colour rule as the attached window shows. However, none of the packets that contain the requests becomes purple. They have a different color that I previously chose to apply based on the TCP converstaion.

Any clue why the purple rule color has not been applied?

Thank you.alt text

asked 12 Apr '16, 07:55

flora's gravatar image

flora
156313338
accept rate: 100%

One Answer:

1

There are two possibilities why your new coloring rule is not triggering:

  1. You applied temporary coloring based on a conversation, and your temporary coloring is is still in place. Temporary coloring overrides coloring rules. You can clear temporary coloring with Ctrl-Space.
  2. Your coloring rules are for HTTP requests. Beginning with Wireshark v1.12.0 and continuing to the current version (2.0.2), Wireshark does not always identify HTTP packets correctly. This is a known bug. See Bug 10335 on the Wireshark Bugzilla.

answered 12 Apr '16, 08:45

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Awesome! My current problem is 1 and your suggestion Ctrl-Space has worked perfectly for me. Thank you so much.

(12 Apr '16, 08:49) flora