Changing the colors is "lightly" documented in the WSDG (set_color_filter_slot(row, text)):

The color list can be set from the command line using two unofficial preferences: and gui.colorized_frame.fg, which require 10 hex RGB codes (6 hex digits each), e.g.

wireshark -o${RGB0},${RGB1},${RGB2},${RGB3},${RGB4},${RGB5},${RGB6},${RGB7},${RGB8},${RGB9}

For example, this command yields the same results as the table above (and with all foregrounds set to black):

wireshark -o,ffc0ff,e0c0e0,c0c0ff,c0e0e0,c0ffff,c0ffc0,ffffc0,e0e0c0,e0e0e0 -o gui.colorized_frame.fg:000000,000000,000000,000000,000000,000000,000000,000000

The best solution to the second request (button disable/enable permanent rules) would be to open an Enhancement Request on the Wireshark GitLab Issues page.

You could duct tape something together with Lua to add menu buttons to set a custom field on each packet. This custom field would need to be checked by each of the permanent color rules (and foobar.color). Rescanning all the packets to set/clear the field each time might be too slow depending on the size of the capture files.