How to do it...
To go to the coloring rules, proceed as follows:
- For a new coloring rule, click on the new tab, and you will get the following window:
- In the Name field, fill in the name of the rule. For example, fill in NTP for the network time protocol.
- In the Filter field, fill in the filter string, that is, what you want the rule to show (we will talk about display filters in Chapter 4, Using Display Filters).
- Click on the Foreground button and choose the foreground color for the rule. This will be the foreground color of the packet in the packet list.
- Click on the Background button and choose the background color for the rule. This will be the background color of the packet in the packet list.
- Click on the Delete icon (the minus sign to the left of the plus sign) to delete a coloring rule.
- Click on the Duplicate icon (to the right of the minus button) if you want to edit an existing rule.
- You can also click on the Import... button to import an existing color scheme, or click on the Export... button to export the current scheme.
The order of the coloring rules matters. Make sure that the rules are listed in the order in which they should be applied. For example, application layer protocols should come before TCP or UDP, so that Wireshark colors them in their own color and not the regular TCP or UDP color.
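The ordering rule can be checked on an exported scheme. The following is an added example, not code from the book or from Wireshark: it parses lines in the layout the Export... button writes (`@name@filter@[background][foreground]`, 16-bit color channels) and applies the first enabled rule that matches. The sample rules, colors and packets are constructed, and treating each filter as a bare protocol name is a simplifying assumption.

```python
import re

# Constructed samples in the exported layout; a leading "!" marks a disabled rule.
GOOD_ORDER = """\
# constructed example, not a real exported scheme
@NTP@ntp@[65535,62451,54998][0,0,0]
!@Old DNS@dns@[0,0,65535][65535,65535,65535]
@UDP@udp@[56026,61166,65535][4626,10023,11822]
"""
BAD_ORDER = """\
@UDP@udp@[56026,61166,65535][4626,10023,11822]
@NTP@ntp@[65535,62451,54998][0,0,0]
"""
# Constructed packets, each described by the set of protocols it carries.
NTP_PACKET = {"eth", "ip", "udp", "ntp"}
DNS_PACKET = {"eth", "ip", "udp", "dns"}

RULE = re.compile(r"^(!?)@([^@]*)@(.*)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]$")

def to_hex(r, g, b):
    """Scale 16-bit channels down to an 8-bit #rrggbb string."""
    return "#" + "".join(f"{int(c) >> 8:02x}" for c in (r, g, b))

def parse_rules(text):
    """Return the rules in file order; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            g = m.groups()
            rules.append({"enabled": g[0] == "", "name": g[1], "filter": g[2],
                          "bg": to_hex(*g[3:6]), "fg": to_hex(*g[6:9])})
    return rules

def color_for(packet, rules):
    """Name of the first enabled rule whose filter matches, or None.
    ASSUMPTION: a filter is a bare protocol name, matched by set membership."""
    for rule in rules:
        if rule["enabled"] and rule["filter"] in packet:
            return rule["name"]
    return None

def shadowed(rules, packets):
    """Enabled rules that match some sample packet but never win the coloring."""
    won = {color_for(p, rules) for p in packets}
    return [r["name"] for r in rules if r["enabled"] and r["name"] not in won
            and any(r["filter"] in p for p in packets)]
```

With the UDP rule listed first, `shadowed()` reports the NTP rule, which is the situation the ordering advice avoids.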