Highlight or color packet detail item if it caused the display filter to match the packet

asked 2021-05-16 17:49:56 +0000

3 ●1 ●1 ●4

updated 2021-05-16 22:59:32 +0000

Guy Harris
19890 ●3 ●634 ●207

Is it possible in Wireshark to highlight or color sip header based on filter? Example.. Filter- sip.reason Wireshark shows packets which contains reason header. I would like to have header highlighted so that is easily identifiable.

If this feature is not there by default then can it be added by some lua scripts?

edit retag flag offensive close merge delete

add a comment

0

answered 2021-05-16 22:58:10 +0000

Guy Harris
19890 ●3 ●634 ●207

Example.. Filter- sip.reason Wireshark shows packets which contains reason header. I would like to have header highlighted so that is easily identifiable.

So, if there's a display filter active, you want whatever entries in the packet details refer to a field in the filter expression that causes the packet to match to be highlighted with a different color? So:

sip.reason - color all instances of sip.reason
sip.reason == XXX - color all instances of sip.reason that have the value XXX

It gets more complicated for filters that involve "and", "or", and "not" operators.

There is currently no mechanism to support that, and that includes "no mechanism available to a Lua script to do that". You should file an enhancement request as an issue in the Wireshark issues list.

edit flag offensive delete link

Comments

Thanks for enhancing the question. I will raise enhancement request.

prizzly ( 2021-05-17 16:38:23 +0000 )edit

Enhancement request raised

prizzly ( 2021-05-17 17:17:49 +0000 )edit

add a comment

0

answered 2021-05-18 10:12:15 +0000

SYN-bit

18344 ●9 ●301 ●255 https://SYN-b.it

Not the solution for your reuqest, but maybe a good workaround, if you search for a string in the packet-details, the string will get highlighted. So after the filtering, you could use the find function to specifically highlight the parts of the packet that you are looking for (assuming there is a string or regex filter possible for what you need to locate).

edit flag offensive delete link

Comments

I tried your suggestion but find didn't highlight the element of the tree. It only shows me the packet.

prizzly ( 2021-05-18 14:46:55 +0000 )edit

Are you searching in packet details?

Chuckc ( 2021-05-18 16:00:25 +0000 )edit

'Packet details' , 'narrow & wide' options were disabled.

prizzly ( 2021-05-18 16:44:51 +0000 )edit

Set the search type to String or Regular Expression

Chuckc ( 2021-05-18 17:10:16 +0000 )edit

yes now I can see..Thanks Chuck and SYN-bit

prizzly ( 2021-05-19 07:28:38 +0000 )edit

see more comments

0

answered 2021-05-16 18:00:39 +0000

André

176 ●63 ●3

yes you can, see documentation at: https://www.wireshark.org/docs/wsug_h...

edit flag offensive delete link

Comments

This not what I am looking for. I want to color one or more elements of the sip subtree

prizzly ( 2021-05-16 18:13:19 +0000 )edit

It is not possible to colour individual items in the tree.

André ( 2021-05-16 18:40:15 +0000 )edit

Can it be done by lua script?

prizzly ( 2021-05-16 18:43:18 +0000 )edit

Issue 16729 Add support for custom colors in Wireshark Packet Details

Chuckc ( 2021-05-16 18:49:34 +0000 )edit

It kind of coloring feature provided by Expert Information

prizzly ( 2021-05-16 19:00:46 +0000 )edit

add a comment

Highlight or color packet detail item if it caused the display filter to match the packet

3 Answers

Comments

Comments

Comments

Your Answer

Question Tools

Stats

Related questions

Highlight or color packet detail item if it caused the display filter to match the packet edit

3 Answers

Comments

Comments

Comments

Your Answer

Question Tools

Stats

Related questions

Highlight or color packet detail item if it caused the display filter to match the packet