Wireshark Profiles

One of the great things about Wireshark is its completely customizable interface. Users can change the layout, column settings, and protocol decode options, add or remove buttons, change colors, add or remove filters, and more. There is even a lot of documentation on how to write new protocol dissectors. Due to its open-source nature and active development community, one can modify the code and/or participate in its official development. What this means is that no two instances of a Wireshark install have to be the same. Analysts can mold the tool into exactly what they need for their particular job. This is all done through the use of profiles. In fact, a single install can have multiple profiles, which makes it possible to tailor different profiles to specific protocols or troubleshooting scenarios. For example, one profile could be used for troubleshooting web traffic and another could be used for diagnosing wireless issues. I currently have about 10 profiles ranging from a minimalist view to one specifically for...