This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is it possible to set the coloring of a packet from a dissector?

1

Is there any way to set the packet colors through dissector (or any other file), but through code only?

asked 13 Mar '12, 09:32

ashish_goel's gravatar image

ashish_goel
15121216
accept rate: 0%

edited 13 Mar '12, 09:57

multipleinterfaces's gravatar image

multipleinte...
1.3k152340


One Answer:

2

Packet coloring rules are defined by the user via the View -> Coloring Rules dialog. Rules are defined with a name, a background color, a foreground color, and a display filter. They are ordered such that rules higher in the list are tried first, and the first rule to match a packet determines its color. Once these rules are in place, coloring is automatic. The only way to "set the packet colors" is to dissect the packet using the header fields defined for your protocol and hope the user has appropriate coloring rules.
You may be able to influence this behavior by supplying coloring rules with your version of Wireshark, but there is no exposed mechanism at the dissector level to influence the color of a packet in the packet list view (and why should there be, since the user could be running tshark in stead, which must run dissector code but cannot color packets at all).

answered 13 Mar '12, 09:55

multipleinterfaces's gravatar image

multipleinte...
1.3k152340
accept rate: 12%

thnx for the quick reply.

by supplying the coloring rules do you mean to write a coloring rule file similar to file "colorfilters" present in your personal configuration of wireshark.

(13 Mar '12, 10:23) ashish_goel

Yes, but I do not know where the default set is provided off hand. Keep in mind that your users could ultimately change any coloring rules you provided, so you should not assume that your specific coloring rules will always be available.

(13 Mar '12, 10:39) multipleinte...

The default set of color rules is in a file that's part of the Wireshark installation.

As multipleinterfaces noted, Wireshark allows the user to change coloring rules, so it does not and will not ever have a mechanism to allow a dissector to force a particular color to be used - the developer will not be allowed to force a particular color to be used without the user being allowed to override it.

(13 Mar '12, 11:01) Guy Harris ♦♦

thanks for all your help.

(13 Mar '12, 21:14) ashish_goel

@ guy harris. Even if there was a possibility of setting the color codes through dissector code, it won't have meant forcing the scheme user. In such a case user could have overwrite the rules by specifying its own rules through Wireshark GUI.

Wireshark has already such kind of mechanism for preferences settings then why can't for color scheme?

(15 Mar '12, 07:43) ashish_goel