Revision history [back]

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it.

Discussion now taking place on Gitlab https://gitlab.com/wireshark/wireshark/-/issues/19719

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it. it.

Discussion now taking place on Gitlab https://gitlab.com/wireshark/wireshark/-/issues/19719

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it.

Discussion now taking place on Gitlab https://gitlab.com/wireshark/wireshark/-/issues/19719

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it.

Discussion now taking place on Gitlab https://gitlab.com/wireshark/wireshark/-/issues/19719https://gitlab.com/wireshark/wireshark/-/issues/19802

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it.

EDIT: Discussion now taking place on Gitlab https://gitlab.com/wireshark/wireshark/-/issues/19802

Background:
So it took me forever to google the correct way to change the "active selected item" coloring rule. Turns out it's in the preferences area under fonts & color. Seems rather obvious now, but that something this basic was so hard to find on google seems like there needs to be something somewhere in the manual about how to do it. That said, seeing where the selected item coloring was, and how it worked when changed, left me disappointed at what I found.

In learning about Display filters I was intrigued by the ability to use field references. Because of the project I'm currently working on for school I am particularly interested in seeing conversations taking place easily and following them quickly. To help with that I created a filter button with "tcp.stream == ${tcp.stream}" as the expression. It works great. With the push of a button the packet list is re-filtered to show just the packets that are a part of the currently selected packet's conversation.

Knowing that the coloring rules use the same criteria as the display filters I immediately wanted to create a rule that did visually the same thing as but button I had just created. I tried to create a coloring rule at the top of my list with the criteria: "tcp.stream == ${tcp.stream}", but unfortunately it didn't do anything. I learned that the coloring rules are applied as a "pre-filter" to all of the packets before they are displayed, so a dynamically referenced field doesn't have anything selected to reference. Even if a packet is selected at the time you hit "ok" in the color rules dialog box, the coloring is applied before focus has been passed back to the packet list, so the dynamic rule still doesn't even "sort of" work.

The Idea:
I'm sure I'm not the only one who thinks it would be awesome to have Dynamic coloring rules that are applied each time you select a packet in the packet list. In my case I think I would be awesome to be able to assign "tcp.stream == ${tcp.stream}" to the "selected item" property so that as I move through the packets the rest of the conversation is instantly highlighted (and stays highlighted as part of the "inactive selected" state).

Even better would be if there was a Dynamic Color Filter bar above the display filter bar (perhaps toggle-able. not everyone would want to see it or use it) where we could put in on the fly a new coloring rule. This would be especially handy on larger pcaps where re-filtering the packet list takes longer than desired.

I can see this being handy for those who like to run without any present color filters. They could define a single filter on the fly to instantly hone in on what they are looking for without potentially excluding other useful packets, and it would be much faster than needing to go into the color rules dialog box and setup/change the rule if they decided they wanted to look at something else. This, combined with the color indicators in the Intelligent Scrollbar would really make jumping to areas of interest really easy and quick. This would make it really quick and easy to follow streams without loosing your other display filter that is currently set. Or to highlight suspect host IPs without cutting out other valuable packets.

Perhaps there would even be a checkbox next to this Dynamic Color Rule Bar so you could either have it apply in general like a regular color rule OR be dynamic based on the named field of the selected packet. If unchecked the field operates exactly like the expression field in the Color Rules dialog box. When checked it operates by only allowing a single packet field to be entered and it operates based on the "Field == ${Field}" principle where it highlights all packets that share the same value as the Field in the selected packet. Then, if using a Referential filter to get what you want colored, then you uncheck the box, it simple converts the referential criterial into fixed criteria, eg: i'm using a referential rule for the tcp.stream field, and so "tcp.stream" is all that is displayed in the bar. The selected packet has a stream ID of 465, so all packets from that stream get highlighted under the logic of "tcp.stream == ${tcp.stream}". The referential checkbox is unchecked and the Dynamic Color Rule bar changes to read "tcp.stream == 465", becoming a fixed reference.

I'm still new to all of this, but a common theme in all the materials on creating display filters is to not go to far with them and risk missing important information. I think having a dynamic/on the fly Color Rule Bar would be a great way to help with that and would be a great addition to the program.

The Question:
Since this is supposed to be a question and so far it's just an essay, here is the question: Can we please have a dynamic colorization rule filter bar as described above, with both general filtering and field referential filtering capability toggled with a check box next to it, added to the program?

I, and I'm sure many others, would appreciate it.