- Now the coloring rule file supports Wireshark 2.4.0. Fixed some old obsolete syntax which is no longer supported in 2.4.0.
- Added some 802.11 and Cisco proprietary frames.
- Disabled CAPWAP_Control to pay attention to CAPWAP Heartbeat frames. You can enable it again at anytime.
These files are coloring rule files for Wireshark version 1.6.0 - 2.2.8 and version 2.4.0.
(Verified on Mac OS X10.6, 10.11.6, X Window System, and the latest Windows 7 Professional)
How to use
Download wireshark_coloring_hosaki_2017Aug15_ver1.12-2.2.8.wireshark.zip for Wireshark version 2.2.8 or below, and wireshark_coloring_hosaki_2017Aug15_ver2.4.wireshark.zip for Wireshark version 2.4.0, attached on this document and unarchive them.
Run your wireshark application.
Click "Edit coloring rules" button loated in Tool bar to open Coloring Rules window.
Click "Import" button then select the file downloaded at Step1.
Click "Open" button to import the file.
Click "Apply" button to apply the coloring rule to your wireshark.
Click "OK" to close Coloring Rules window.
Now you can see graphical colored wireless 802.11/LWAPP/CAPWAP/WLCCP frames when you open wireless sniffer files.
Note: The order of each coloring rule is important. You may override existing rules by changing the order. Some protocols like TCP, HTTP, and FCS checksum which are default rule are disabled intentionally in order to give your attention to more important frames.
This rule has been described by hosaki and may contain old/wrong formula. Please feel free to contact me on CSC if you had noticed anything.