Ask Your Question
0

How can I export display filter buttons?

asked 2018-06-20 23:57:56 +0000

gitman gravatar image

I have two Fedora linux systems, both on Wireshark 2.6.1. I have custom display filter buttons defined on one host that I want to copy over to the other host. I copied my ~/.config/wireshark/ directory over, but the display filter buttons do not seem to be included. I have searched for a "dfilters" file, and a "dfilter_buttons" file, but those files do not exist. The "preferences" file does not contain them, either.

Which file contains the display filter buttons, or how can I export them?

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
1

answered 2018-06-21 05:09:25 +0000

Jaap gravatar image

Open Wireshark and go to preferences. Select Filter Buttons and look at the bottom right hand side of the dialog. This shows the file the button definitions are stored in.

edit flag offensive delete link more

Comments

Can you share a screenshot? There's no file reference in the preferences/Filter Buttons dialog - at least not in v2.6.1. The filter buttons are however in the preferences file: Search for "####### Filter Expressions ########" and they should be directly below that line.

NJL gravatar imageNJL ( 2018-06-22 09:23:43 +0000 )edit

image description

Jaap gravatar imageJaap ( 2018-06-22 11:13:58 +0000 )edit

Weird - it's not there on Windows or Linux....

NJL gravatar imageNJL ( 2018-06-22 11:15:51 +0000 )edit

Even weirder - just tried on my Macbook - also 2.6.1 and there is also nothing there...

NJL gravatar imageNJL ( 2018-06-22 11:46:13 +0000 )edit

You probably have to create at least one filter button for the file to be created. Since I've been playing with some filter buttons before, the file exists, currently without any entries.

Jaap gravatar imageJaap ( 2018-06-22 12:49:18 +0000 )edit
see more comments
0

answered 2018-06-22 20:02:28 +0000

Jim Aragon gravatar image

Prior to v2.6.0 of Wireshark, filter buttons were created in the preferences file. Beginning with v2.6.0, new filter buttons are created in the dfilter_buttons file. However, the later versions of Wireshark still recognize filter buttons that were created by earlier versions and that are in the preferences file. If some of your buttons were created before upgrading to v2.6.0, and some created after upgrading, you will have filter buttons in both places.

If you are using v2.6.0 of Wireshark or later, but all of your filter buttons were created by earlier versions and are in the preferences file, Wireshark will not show a path and file name on the Filter Buttons dialog. Wireshark will only show the path and file name when at least one button has been created using v2.6.0 or later, which causes the dfilter_buttons file to be created. And it will only show the path and file name of the dfilter_buttons file; it will not also list the preferences file.

To avoid confusion, I recommend deleting any filter buttons that are in the preferences file and then recreating them, which will put them in the dfilter_buttons file. This way, all of your filter buttons will be in one location. You could also cut and paste from one file to the other, but you will have to do some editing. Each filter button is three lines in the preferences file, but only one line in the dfilter_buttons file. The format used in each file is obvious, though.

edit flag offensive delete link more

Comments

To avoid confusion, I recommend deleting any filter buttons that are in the preferences file and then recreating them, which will put them in the dfilter_buttons file.

Actually, adding one additional filter button, and then deleting it, in a 2.6.0 or later version of Wireshark should be sufficient to put all the buttons into dfilter_buttons.

Guy Harris gravatar imageGuy Harris ( 2018-06-23 09:08:04 +0000 )edit

I didn't know that, but just tested it. It appears that making any change will remove all Filter Buttons from the preferences file and put them in the dfilter_buttons file. I simply enabled a Filter Button that is normally disabled. Simply clicking the check box under "Show in Tool Bar" on the Preferences page caused all my Filter Buttons to be moved to the dfilter_buttons file, and caused the "Filter Expressions" section to be completely deleted from the preferences file, heading and all.

Jim Aragon gravatar imageJim Aragon ( 2018-06-23 21:48:04 +0000 )edit

It appears that making any change will remove all Filter Buttons from the preferences file and put them in the dfilter_buttons file.

Making any change will cause whatever Wireshark version you have to save the results to files in the directory containing preferences; for Wireshark 2.6.x, this means writing out a dfilter_buttons file and, it appears, writing out the preferences file, and, for Wireshark 2.6.x, the code to write out the preferences files doesn't write filter buttons (because Wireshark 2.6.x puts them in a dfilter_buttons file), so the net result is that the preferences file is written out without filter buttons and a dfilter_buttons file is written out, containing filter buttons.

Guy Harris gravatar imageGuy Harris ( 2018-06-23 21:56:56 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-06-20 23:57:56 +0000

Seen: 1,497 times

Last updated: Jun 22 '18

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2