How to configure coloring rules (wireshark >= 1.8.0) On the above screenshot, MAP layer is identified by yellow or green background color, whether the message is a MAP invoke (request) or MAP returnResultLast (answer).TCAP Abort (cancellation of TCAP dialog due to error) has a pink background, and TCAP Begin (initialization of TCAP dialog) has a light blue background (Not visible on the screenshot). Here is an overview of 4 basic coloring rules applied on typical SS7 traffic: Each rule is defined by one filter (using the same syntax as usual wireshark display filters), and a set of 2 colors (foreground and background colors). To get a better overview of the SS7 traffic and identify types of messages just by looking quickly at them, you can customize wireshark coloring rules. # Each pair of strings consists of a column title and its format. home/user/.wireshark./profiles/SS7/preferences The following file stores the configuration for your Wireshark profile: (click on image to enlarge) Exporting / Importing columns setting NOTE: This can be generalized to any Wireshark expression, so you can display any data you want from the pcap in the columns view.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |