Packet coloring rules are defined by the user via the
View -> Coloring Rules dialog. Rules are defined with a name, a background color, a foreground color, and a display filter. They are ordered such that rules higher in the list are tried first, and the first rule to match a packet determines its color. Once these rules are in place, coloring is automatic. The only way to "set the packet colors" is to dissect the packet using the header fields defined for your protocol and hope the user has appropriate coloring rules.
You may be able to influence this behavior by supplying coloring rules with your version of Wireshark, but there is no exposed mechanism at the dissector level to influence the color of a packet in the packet list view (and why should there be, since the user could be running
tshark in stead, which must run dissector code but cannot color packets at all).
answered 13 Mar '12, 09:55
accept rate: 12%