Customizing Wireshark

Introduction

The Wireshark Customization module provides you with the instructions and devices to develop your hands-on skills in the following topics.

• Packet Marking and Timeframes
• Creating a Profile
• Editing Functionality

Lab time: It will take approximately 1 hour to complete this lab.

Exercise 1 - Packet Marking and Timeframes

Packet marking allows for tracking throughout the Wireshark capture with a black color applied to packets of interest when found by the investigator. Primarily this allows for tracking of problems throughout the trace, and overall it makes it a lot easier to identify issues.

In this exercise you will complete the following tasks:

• Packet Marking
• Edit Packet Time Reference
• Edit Packet Timeshift
• Using Different Time Displays
• Transferring Trace Files across Time Zones
• Summarizing Traffic Rates and Packet Data

Exercise 2 - Creating a Profile

Profiles are useful when regularly viewing traffic and having common settings pre-organized without needed to set up with each capture. A good profile takes time to setup and is customized to each user by his or her experiences and what they wish to quickly identify when performing an investigation.

In this exercise you will complete the following tasks:

• Customizing Profiles

Exercise 3 - Editing Functionality

The functionality of Wireshark is key to working with it effectually. Wireshark is able to display a lot of data and this can be overwhelming to process at times. Displaying columns, viewing the connections and various colors we can make edits to these function manually to better suit our purposes.

In this exercise you will complete the following tasks:

• View Displayed Columns
• Using Conversations
• Editing Coloring Riles
• Comparing Window Panes