Wireshark Revealed: Essential Skills for IT Professionals

Wireshark profiles

We have covered numerous Wireshark configuration options that are saved in specific files, such as cfilters for Capture Filters, dfilters for Display Filters, colorfilters for Coloring Rules, and preferences for preferences settings. It was mentioned that these files are saved in one of your Personal configuration directories, but I have left a full explanation of profiles and these configuration directories until now so that you can better understand what makes up a profile and why profiles are useful.

A profile is a collection of Wireshark configuration files customized for your specific needs and tastes in capture and display filters, coloring rules, columns and layouts, and so on for the particular environment you are working in. You can create one or more profiles and quickly reconfigure Wireshark to work best in differing environments by selecting the appropriate profile.

When you first install Wireshark, it operates with a default set of configuration files that are located in the Global configuration directory, which is usually the same as the System directory where the Wireshark program files reside. When you change any of the default settings, the changes are saved in new configuration files that are stored in a Personal configuration directory, the location of which varies depending upon your installation. You can determine and quickly open the Personal configuration directory for your installation from Wireshark by clicking on the About Wireshark option in the Help menu and clicking on the Folders tab. Within this tab is a list of all the directories that Wireshark uses, as shown in the following screenshot:

You can double-click on a Wireshark directory link to open a window to that directory.

Double-clicking on the Personal configuration link in the Folders tab opens the directory where (under a profiles subdirectory) your custom profile files are stored. Each profile is stored in a separate subdirectory that reflects the name you give a profile, as shown in the following screenshot:

Each custom profile directory contains all the Wireshark configuration files that determine how that profile controls Wireshark's features. You can copy and share these custom profile directories with other Wireshark users; copying the profile directory into their Personal configuration directory makes that profile available for selection.
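Because a shared profile is a directory of files that Wireshark will load, it is worth listing what is inside it before copying it into place. The following Python sketch is an added example, not code from the book or from Wireshark: `inventory` and `install_profile` are hypothetical helper names, and the Personal configuration directory path is assumed to be the one shown on the Folders tab.

```python
import shutil
from pathlib import Path

# The four configuration file names mentioned in the text above.
# Anything else found in a profile is listed separately for review.
NAMED_FILES = {"cfilters", "dfilters", "colorfilters", "preferences"}


def inventory(personal_dir):
    """Map each profile under <personal_dir>/profiles to
    (named configuration files present, other entries)."""
    result = {}
    profiles = Path(personal_dir) / "profiles"
    if not profiles.is_dir():
        return result
    for profile in sorted(profiles.iterdir()):
        if profile.is_dir():
            names = sorted(entry.name for entry in profile.iterdir())
            result[profile.name] = (
                [n for n in names if n in NAMED_FILES],
                [n for n in names if n not in NAMED_FILES],
            )
    return result


def install_profile(shared_dir, personal_dir):
    """Copy a shared profile directory into profiles/ without
    overwriting an existing profile of the same name."""
    src = Path(shared_dir)
    if not src.is_dir():
        raise NotADirectoryError(f"{src} is not a profile directory")
    dest = Path(personal_dir) / "profiles" / src.name
    if dest.exists():
        raise FileExistsError(f"profile {src.name!r} already exists")
    # Refuse symbolic links so the copy only contains files that are
    # really inside the shared directory.
    for entry in src.rglob("*"):
        if entry.is_symlink():
            raise ValueError(f"symbolic link in shared profile: {entry}")
    shutil.copytree(src, dest)
    return dest


if __name__ == "__main__":
    import sys
    # Usage: script.py <Personal configuration directory>
    for name, (named, other) in inventory(sys.argv[1]).items():
        print(f"{name}: {', '.join(named) or '-'} | other: {', '.join(other) or '-'}")
```

Run with the Personal configuration directory as its argument, the script prints one line per profile showing which of the named files it contains and which other entries need a closer look.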

Creating a Wireshark profile

To create a new Wireshark profile, follow these steps:

  1. Right-click on the Profile section (on the right-hand side) of the Status Bar at the bottom of the Wireshark user interface and click on New, or navigate to Edit | Configuration Profiles | New in the menu bar.
  2. In the Create New Profile window that appears, you can give the profile a name. You can also choose to create the profile starting with the settings from an existing profile by making a selection from the Create from drop-down list or start from scratch. The Create New Profile window is shown in the following screenshot:
  3. Clicking on OK will save the new profile in its own directory, named after the profile, in the profiles directory under your Personal configuration directory.

Selecting a Wireshark profile

You can select one of your custom profiles by selecting Configuration Profiles from the Edit menu, clicking on one of the listed profiles, and clicking on OK. A quicker method is to click on the Profile section of the Status Bar and select a profile from the pop-up menu, as shown in the following screenshot: