From the course: Wireshark: Malware and Forensics
Coloring rules - Wireshark Tutorial
Coloring rules
- When working with Wireshark, you may notice that the traffic is colorized. This has been done for quite some time, but if it bothers you, you can take it off or modify the look and feel of Wireshark. Up here under telephony, you can take this and deselect the coloring rules so that you have no color. But a lot of us like the color because it helps to identify potential problems. We'll bring that back. As you can see here, some of these are black and that might indicate a problem with latency. In the lower right-hand corner, let's select the Wireshark expert information. Here it's showing a lot of problems with a potential bad checksum. Well, that might not be a problem. Let's take a look. If I go up to this frame, and I right-click, and I take a look at protocol preferences, and here it says, "validate the checksum, if possible." I generally suggest you deselect this, and that is because a lot of times if the checksum is offloaded, it's incorrectly calculated and it appears to be…
Contents
- Baseline your network (4m 11s)
- Displaying data using filters (3m)
- Creating complex filters (5m 24s)
- Capture filters (3m 18s)
- Using statistics (3m 14s)
- Save, export, and print (6m 28s)
- Coloring rules (3m 55s)
- Using a ring buffer (4m 24s)
- Challenge: HTTP packets (39s)
- Solution: HTTP packets (1m 27s)
- Challenge: Firewall rules (1m 27s)
- Solution: Firewall rules (3m 37s)