Wireshark 3.0 Tips / Tricks #1 – Building Customized Configuration Profiles

Building Customized Configuration Profiles

By Phill “Sherlock” Shade

I use Wireshark for practically every network or security related project that utilizes packets (frames) in some manner. Unfortunately, after nearly 30 years of working with networks, I have come to discover a single configuration that works for the multitude of infrastructure and application configuration such as Ethernet, Wireless (WiFi), Voice and Video over IP, Security and Network Forensics to name just a few.

Fortunately, Wireshark has a sometimes-overlooked feature that, when properly used, can help to minimize some of the confusion when switching troubleshooting and analysis focus: Customized Configuration Profiles.

  1. Determine which Wireshark profile you are currently using:

  1. Create a new configuration profile:

Note: As with most operations you want to preform within Wireshark, there are multiple ways to achieve the desired results.

Name your new configuration profile:

  1. Select and modify your newly created profile in accordance with your desired configuration and you are ready to go!

I hope that you found this information useful! This technique and many others are covered in our class:

TCP/IP Analysis and Troubleshooting with Wireshark“. For additional information on this class and our numerous other offerings, please see our website:

https://www.cybersecurityinstitute.eu/ and look under the Courses Menu.