
Wireshark Coloring Rules


As shown at Atmosphere 19' Las Vegas last week, it is recommended to use Wireshark's "Coloring Rules" for the common protocols you need to analyze to help improve the efficiency of browsing through a large sniffer trace file for monitoring or troubleshooting.

 

The attached file contains my colorfilters file that can be imported into Wireshark's "Coloring Rules" for displaying different protocol communication for analyzing WiFi frames. These rules are permanently saved and used each time Wireshark is started.

 

(Note 1: These color filters were based on using Wireshark version 2.6.3. Please back up your colorfilters file before importing this colorfilters file in Wireshark's menu selection "View-->>Coloring Rules...-->>Import". Once the colorfilters file is imported, you should manually select all these new rules and drag them to the top of your rule set so they can be applied in the correct order.)

 

(Note 2: Coloring rules are read from the top of the list down, so the first matched filter will be applied. For example, I have "802.11 retry bit set" and "802.11 power management bit set" filter rules positioned at the top, as I want to highlight such frames in my wireless analysis.)

 

 

In addition to importing the above or other preconfigured color filters, you can also create your own using the following 2 possible methods:

 

Wireshark_Coloring_Rules_Option1.png

 

OR the following temporal coloring method

 

Wireshark_Coloring_Rules_Option2.png

 

Example Wireshark "Coloring Rules" list for monitoring WiFi frames:

 

MyWiresharkColoringRules.png

 

Example browsing of a WiFi sniffer trace using helpful color filters to differentiate protocol phases:

 

Establishing_802.1X_Wireshark_View_CROPPED.png
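The import-then-move-to-top step from Note 1 and the first-match ordering from Note 2 can also be checked offline. The following is an added example, not part of the original post or the attached file: it assumes the colorfilters line layout `@name@filter@[background][foreground]` with a leading `!` marking a disabled rule, and the sample rules and colors are constructed for illustration.

```python
import re

# One rule per line: optional "!" (disabled), then @name@display filter@[bg r,g,b][fg r,g,b]
RULE_RE = re.compile(r"^(!?)@([^@]*)@(.*)@\[(\d+,\d+,\d+)\]\[(\d+,\d+,\d+)\]$")

def parse_rules(text):
    """Return rules in file order as dicts; comment and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            disabled, name, flt, bg, fg = m.groups()
            rules.append({"disabled": bool(disabled), "name": name,
                          "filter": flt, "bg": bg, "fg": fg})
    return rules

def format_rule(r):
    # Serialize a rule back into the one-line layout parsed above.
    return "%s@%s@%s@[%s][%s]" % ("!" if r["disabled"] else "",
                                  r["name"], r["filter"], r["bg"], r["fg"])

def merge_to_top(existing_text, imported_text):
    """Imported rules go first (first match wins); existing rules with a re-imported name are dropped."""
    imported = parse_rules(imported_text)
    names = {r["name"] for r in imported}
    kept = [r for r in parse_rules(existing_text) if r["name"] not in names]
    return "\n".join(format_rule(r) for r in imported + kept) + "\n"

# Constructed sample input, not the rules from the attached file.
IMPORTED = """\
# constructed WiFi rules
@802.11 retry bit set@wlan.fc.retry == 1@[65535,49151,49151][0,0,0]
@802.11 power management bit set@wlan.fc.pwrmgt == 1@[65535,65535,49151][0,0,0]
@EAPOL@eapol@[49151,65535,49151][0,0,0]
"""
EXISTING = """\
# constructed existing rules
@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update@[4718,10030,11796][63479,34695,34695]
!@EAPOL@eapol@[65535,65535,65535][0,0,0]
@UDP@udp@[56026,61166,65535][4718,10030,11796]
"""

if __name__ == "__main__":
    print(merge_to_top(EXISTING, IMPORTED), end="")
```

Write the merged text to a copy of your colorfilters file rather than over the original, so the backup from Note 1 stays intact.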

 
