Wireshark Profiles
One of the great things about Wireshark is its completely customizable interface. Users can change the layout, column settings, and protocol decode options, add or remove buttons, change colors, add or remove filters, and more. There is even extensive documentation on writing new protocol dissectors. Because the project is open source with an active development community, anyone can modify the code or participate in its official development. No two Wireshark installs need to look the same: analysts can mold the tool into exactly what they need for their particular job. All of this customization is done through profiles.
In fact, a single install can hold multiple profiles, which makes it easy to tailor each one to a specific protocol or troubleshooting scenario. For example, one profile could be used for troubleshooting web traffic and another for diagnosing wireless issues. I currently have about 10 profiles ranging from a minimalist view to one specifically for analyzing TCP handshakes to other protocol- and scenario-based profiles. This is useful in a role where I don’t know what the next problem might require. I do have a single “go to” profile, though, that I typically use first and for all of my general troubleshooting. Here are some of the items that are modified in that profile:
The Title Bar
Columns
Macros
Display Filters
Coloring Rules
IO Graph Filters
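Several of the items above live in plain text files inside the profile's directory, so a profile can be version-controlled or handed to a teammate. The script below is an added example, not something from the original post: it scaffolds a profile directory containing a title bar setting, a TCP-troubleshooting column layout, saved display filters and coloring rules, plus a few helper functions that inspect the result. It assumes that a profile is a subdirectory under the "profiles" folder of the personal configuration directory (shown under Help > About Wireshark > Folders) and that the per-profile files use the formats in the comments; the function names, the profile name "go-to" and the filter names are all made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): scaffold a Wireshark profile.
# Assumption: a profile is a subdirectory of the "profiles" folder in the
# personal configuration directory, holding the files written below.

# make_profile PROFILES_DIR NAME
# Writes PROFILES_DIR/NAME/{preferences,dfilters,colorfilters}.
make_profile() {
    dir="$1/$2"
    mkdir -p "$dir"

    # preferences: title bar text plus the column layout.
    # Column formats: %m number, %t time, %s source, %d destination,
    # %p protocol, %i info, %Cus:<field>:0:R a custom field column.
    cat > "$dir/preferences" <<EOF
# Wireshark preferences for the "$2" profile (constructed example)
gui.window_title: $2
gui.column.format: "No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "Stream", "%Cus:tcp.stream:0:R", "Delta", "%Cus:tcp.time_delta:0:R", "Info", "%i"
EOF

    # dfilters: one saved display filter per line, "Name" expression.
    # The handshake filter relies on relative TCP sequence numbers (the
    # default), so the final ACK shows up as seq 1 / ack 1 with no payload.
    cat > "$dir/dfilters" <<'EOF'
"TCP handshake" tcp.flags.syn == 1 || (tcp.flags.ack == 1 && tcp.seq == 1 && tcp.ack == 1 && tcp.len == 0)
"TCP problems" tcp.analysis.flags && !tcp.analysis.window_update
"TCP resets" tcp.flags.reset == 1
"HTTP errors" http.response.code >= 400
"TLS handshake" tls.handshake
EOF

    # colorfilters: @name@filter@[fg r,g,b][bg r,g,b] with 16-bit colour
    # values; a leading "!" disables the rule. The first matching rule wins.
    cat > "$dir/colorfilters" <<'EOF'
@TCP RST@tcp.flags.reset == 1@[65535,65535,65535][41120,0,0]
@TCP retransmission@tcp.analysis.retransmission@[0,0,0][65535,49344,49344]
@HTTP 4xx/5xx@http.response.code >= 400@[0,0,0][65535,60000,30000]
!@Everything else (disabled)@frame@[0,0,0][65535,65535,65535]
EOF
}

# count_saved_filters PROFILES_DIR NAME -> number of saved display filters
count_saved_filters() {
    grep -c '^"' "$1/$2/dfilters"
}

# column_count PROFILES_DIR NAME -> number of columns in gui.column.format
column_count() {
    sed -n 's/^gui\.column\.format: //p' "$1/$2/preferences" \
        | tr ',' '\n' | grep -c '"%'
}

# has_color_rule PROFILES_DIR NAME RULE_NAME -> exit 0 if an *enabled*
# coloring rule with that name exists (disabled rules start with "!").
has_color_rule() {
    grep -q "^@$3@" "$1/$2/colorfilters"
}

# Demonstration: build the profile in a scratch directory and report on it.
# Copy the resulting "go-to" directory into your own profiles folder to use it.
PROFILES=$(mktemp -d)
make_profile "$PROFILES" go-to
echo "profile written to: $PROFILES/go-to"
echo "saved display filters: $(count_saved_filters "$PROFILES" go-to)"
echo "columns: $(column_count "$PROFILES" go-to)"
if has_color_rule "$PROFILES" go-to "TCP RST"; then
    echo "coloring rule 'TCP RST' is enabled"
fi
```

Wireshark reads these files when the profile is selected (Edit > Configuration Profiles), so the same directory can be dropped onto another machine to reproduce the setup exactly.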
Do you currently use Wireshark profiles? If so, please leave a comment and let me know how you use them. It’s always interesting to learn how others modify their setup.