Synchronize Wireshark Profiles

As mentioned in this post, you can create and share custom profiles. However, that is not the extent of profile management. Another great way to utilize these files is to synchronize Wireshark profiles between systems. In this day and age you probably have more than one computer (laptop, VM, home desktop??). Also, if you’re like me you probably have Wireshark installed on anything you can get your hands on! It can be a bit of a pain to keep your favorite Wireshark settings such as protocol options, coloring rules, and saved display filters up to date with each Wireshark installation. Using Dropbox (or a similar service) you can easily keep your Wireshark profiles in sync on all computers. All that is required is another quick and easy modification and a shared storage location; whether it be a local storage drive or cloud storage. The pertinent folders are shared in the previously linked post as well as in the Wireshark documentation....
Read More
Share Wireshark Profiles

Share Wireshark Profiles

As mentioned in this post, Wireshark is easy to customize and even provides the ability to share custom profiles. Just about everything that can be modified can be shared. I outlined several of those items in the linked post. Wireshark uses files to store the config items located in a couple of key places. The ones I have shared below are all contained in the "Personal configuration" directory. To get sharing right away follow these steps: Open the "Help" menu Click the "About Wireshark" option Select the "Folders" tab Find the folder that contains the file(s) you want to change Copy or share that folder Place the respective folder(s) or file(s) into the same directory on the other install The next time you open Wireshark you'll have access to the new profiles Shared Profiles Here is my go to profile This is a link to the rest of my profiles. These are a work in progress with some more complete than...
Read More
Rename Files to WS File Set Format

Rename Files to WS File Set Format

Using file sets in Wireshark is a great feature. It allows for quickly navigating between smaller files instead of experiencing sluggish performance when analyzing one large file. However, there are times when packet captures were taken using a system other than Wireshark (such as TCPDump or Dumpcap). Other times someone else performs the captures and uses a different naming convention. Either way, there are times when it would be nice to convert these names into Wireshark's file set naming convention. For a full write-up on the function and naming convention, please see Wireshark's documentation here. To get started renaming files, please see below. Using Windows PowerShell: Create a folder where you want to rename files Create a new powershell script file with .ps1 extension (i.e. rename.ps1) Use the following script: 4. Run the script by executing it in PowerShell or right-clicking on it and selecting "Run with Powershell"  Disclaimer: I'm relatively new to PowerShell, so this script isn't the most efficient. As I learn...
Read More