Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
17292
Views
40
Helpful
5
Comments

Download: Wireshark Coloring Rules File

Hideyuki Osaki
Cisco Employee
Cisco Employee

‎04-11-2012 12:14 AM - edited ‎11-18-2020 02:58 AM

Update

- Now the coloring rule file supports Wireshark 2.4.0. Fixed some old obsolete syntax which is no longer supported in 2.4.0.

- Added some 802.11 and Cisco proprietary frames.

- Disabled CAPWAP_Control to pay attention to CAPWAP Heartbeat frames. You can enable it again at anytime.

These files are coloring rule files for Wireshark version 1.6.0 - 2.2.8 and version 2.4.0.

(Verified on Mac OS X10.6, 10.11.6, X Window System, and the latest Windows 7 Professional)

 

How to use

 

  1. Download wireshark_coloring_hosaki_2017Aug15_ver1.12-2.2.8.wireshark.zip for Wireshark version 2.2.8 or below, and wireshark_coloring_hosaki_2017Aug15_ver2.4.wireshark.zip for Wireshark version 2.4.0, attached on this document and unarchive them.
  2. Run your wireshark application.
  3. Click "Edit coloring rules" button loated in Tool bar to open Coloring Rules window.
  4. Click "Import" button then select the file downloaded at Step1.
  5. Click "Open" button to import the file.
  6. Click "Apply" button to apply the coloring rule to your wireshark.
  7. Click "OK" to close Coloring Rules window.
  8. Now you can see graphical colored wireless 802.11/LWAPP/CAPWAP/WLCCP frames when you open wireless sniffer files.

 

Note: The order of each coloring rule is important. You may override existing rules by changing the order. Some protocols like TCP, HTTP, and FCS checksum which are default rule are disabled intentionally in order to give your attention to more important frames.

This rule has been described by hosaki and may contain old/wrong formula. Please feel free to contact me on CSC if you had noticed anything.

 

Coloring Rule Snapshot


 

Result of colored sniffer file

wireshark_coloring_hosaki_2017aug15_ver2.4.wireshark.zip
wireshark_coloring_hosaki_2017aug15_ver1.12-2.2.8.wireshark.zip
Comments
Ligang Yan
Level 1
Level 1
‎06-26-2012 07:11 PM

Really useful and worth to recommend.

Hideyuki Osaki
Cisco Employee
Cisco Employee
‎06-26-2012 09:45 PM

Thank you for the comment! Please feel free to suggest any enhancements for this ruling file.

It's greatly appreciated if you could rate my work by adding Stars

Regards,

Hideyuki

Hideyuki Osaki
Cisco Employee
Cisco Employee
‎08-22-2013 09:27 PM

Coloring rule is updated.

- Minor bug fix

- Added some wireless protocols

Verified at Version 1.9.2 running on OSX 10.8.6

Hideyuki Osaki
Cisco Employee
Cisco Employee
‎05-13-2015 03:01 AM

Fixed a broken link for attachment. Apologize for inconvenience.

Vinay Sharma
Level 7
Level 7
‎05-15-2015 09:44 PM

Hello Hideyuki,

Could you upload the "Coloring_Rule_Snapshot.png" and "Result_of_coloring.png" as it is showing error and file is missing.

Thank you for sharing such an vital information with community users +5 :-)

Regards,

Vinay Sharma
Community Manager
CCIE#44972

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents