Wireshark profiles
As we have covered the numerous Wireshark configuration options that are saved in specific files, such as cfilters
for Capture Filters, dfilters
for Display Filters, colorfilters
for Coloring Rules, and preferences
for preferences settings, it was mentioned that these files were saved in one of your Personal configuration directories, but I have left a full explanation of profiles and these configuration directories until now so that you would better understand what makes up a profile and why they are useful.
A profile is a collection of Wireshark configuration files customized for your specific needs and tastes in capture and display filters, coloring rules, columns and layouts, and so on for the particular environment you are working in. You can create one or more profiles and quickly reconfigure Wireshark to work best in differing environments by selecting the appropriate profile.
When you first install Wireshark, it operates with a default set of configuration files that are located in the Global configuration directory, which is usually the same as the System directory where the Wireshark program files reside. When you change any of the default settings, the changes are saved in new configuration files that are stored in a Personal configuration directory, the location of which varies depending upon your installation. You can determine and quickly open the Personal configuration directory for your installation from Wireshark by clicking on the About Wireshark option in the Help menu and clicking on the Folders tab. Within this tab is a list of all the directories that Wireshark uses, as shown in the following screenshot:
You can double-click on a Wireshark directory link to open a window to that directory.
Double-clicking on the Personal configuration link in the Folders tab opens the directory where (under a profiles
subdirectory) your custom profile files are stored. Each profile is stored in a separate subdirectory that reflects the name you give a profile, as shown in the following screenshot:
Each custom profile
directory contains all the Wireshark configuration files that determine how that profile controls Wireshark's features. You can copy and share these custom profile directories with other Wireshark users; copying the profile
directory into their Personal configuration directory makes that profile available for selection.
Creating a Wireshark profile
To create a new Wireshark profile, follow these steps:
- Right-click on the Profile section (on the right-hand side pane) of Status Bar at the bottom of the Wireshark user interface and click on New, or navigate to Edit | Configuration Profiles | New in the menu bar.
- In the Create New Profile window that appears, you can give the profile a name. You can also choose to create the profile starting with the settings from an existing profile by making a selection from the Create from drop-down list or start from scratch. The Create New Profile window is shown in the following screenshot:
- Clicking on OK will save the new profile in its own directory by the same name in your
Profiles
directory in the Personal configuration menu.
Selecting a Wireshark profile
You can select one of your custom profiles by selecting Configuration Profiles from the Edit menu, clicking on one of the listed profiles, and clicking on OK. A quicker method is just clicking on the Profile section of Status Bar and selecting a profile from the pop-up menu, as shown in the following screenshot: