This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Building customized filters

Hi, how can I create/customize display filters depending on coming packets in a way that is (automatically) applied every time I start capturing filters? Let's say I want to filter all packets that are coming to the network from IP: 216.27.61.137. Thank you in advance,

asked 28 Oct '13, 14:11

OhudSaud

Could you elaborate a bit, especially with your example, because I don't understand what it is you're asking for exactly.

With your example, you could use a capture filter of host 216.27.61.137 to capture those packets of interest to you. But then you want some display filter to be automatically applied whenever you use that capture filter, is that right? If so, which display filter should be automatically applied in that case?

(28 Oct '13, 18:43) cmaynard ♦♦

I wanna use some kind of API where I can build filters that can color this IP without needing to specify it. Like once the capturing has started, Wireshark can color packets even though IPs are new to the network, if some condition is true. Is there any possibility to do that? Thank you Chris,

(04 Nov '13, 13:29) OhudSaud

I'm sorry, but it is still unclear (at least for me) what you are trying to do.

Do you want to tell a running instance of Wireshark (via some API) to colorize traffic of a certain IP address, like:

  • Now colorize IP:216.27.61.137 with color RED
  • Now colorize IP:1.2.3.4 with color GREEN

If so: Why do you want to do that? What do you hope to see in the GUI that scrolls the incoming traffic?

If no: Please be more precise in the description of what you are trying to do.

Wireshark can color packets even though IPs are new to the network

What does that mean? 'New to the network'?

(04 Nov '13, 15:52) Kurt Knochner ♦