From the course: Wireshark: Malware and Forensics

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Coloring rules

Coloring rules - Wireshark Tutorial

From the course: Wireshark: Malware and Forensics

Start my 1-month free trial

Coloring rules

- When working with Wireshark, you may notice that the traffic is colorized. This has been done for quite sometime, but if it bothers you, you can take it off or modify the look and feel of Wireshark. Up here under telephony, you can take this and deselect the coloring rules so that you have no color. But a lot of us like the color because it helps to identify potential problems. We'll bring that back. As you can see here, some of these are black and that might indicate a problem with latency. In the lower right hand corner, let's select the Wireshark expert information. Here it's showing a lot of problems with a potential bad check sum. Well, that might not be a problem. Let's take a look. If I go up to this frame, and I right-click, and I take a look at protocol preferences, and here it says, "validate the check sum, if possible." I generally suggest you deselect this, and that is because a lot of times if the check sum is offloaded, it's incorrectly calculated and it appears to be…

Contents