Hi, I have a packet capture with several related TCP connections, all interwoven. And I have used the awesome feature to color each of the connections separately (Ctl-1, Ctl-2, etc.). It works like a charm to see how the connections interact. I have used 5 different colors in all. Now, if I understand correctly, these are temporary colors, which will disappear when I close this file. But now I want to make these colors permanent, so I can save this file and send it to a colleague. Is there a quick way to turn each of these temporary connection colors into coloring rules, that will live on? Thx! asked 09 Nov '16, 16:25  feenyman99 |
2 Answers:
Coloring rules are specific to your installation of Wireshark. Even if you create coloring rules, they will not travel with the file when you send it to your colleague. Why not just send a note with the trace file telling your colleague how to apply temporary coloring and which conversations to apply coloring to? answered 09 Nov '16, 17:47  Jim Aragon |
Hi As Jim says, color rules are specific to your customization of Wireshark. However, you can do a "trick" In your Wireshark, go to %appdata%\Wireshark There you have a file called "colorfilters". You can save that file (or send it to anyone else). If you reinstall or install Wireshark in another machine, you just need to copy the file again and open Wireshark. Disclaimer: This is not supported by Wireshark and will overwrite all other settings for colors made in Wireshark if the file already exists. Do it at your own risk Cheers, Osito answered 10 Nov '16, 02:52  osito |
Or setup a profile, setup colouring rules based on tcp.stream and send the profile along with the capture.