Hi, im im new to Wireshark and want to ask a Question about Coloring rules.
First: I filtered the PCAP Trace to see a specific Conversation between two IP adresses. For that i filtered the frame for a specific hex Code in the Payload: frame[430] ==80 && frame[431] == 01
This works fine. I dont want to filter for specific IP adresses because they can change. The Payload Message not.
So i have filtered all specific Frames. From (Source)A->(Dest)B From (Source)B->(Dest)A
My Issue:
I want a Coloring Rule that colorizes (Source)A->(Dest)B different to (Source)B->(Dest)A without selecting a specific IP. Is this possible?
Best regards, Bluescreen
Sorry for my bad English, i´m German ;D