What are Configuration Profiles in Wireshark?
Wireshark has a feature to create and set up configuration profiles based on whatever we want to see on screen and how we want to display captured information packets. Configuration profiles consider the sets of settings where we can define if the packet will be captured then how it will show on screen. This type of setting can include applying filters, color customization, protocol and ports. we can create multiple Configuration profiles in Wireshark and we can also switch between them. Suppose we want to capture packets over only HTTP then we can do this easily the creating a separate Configuration profile and saving it,. When we need it we can easily open this by profile option. There are also options for Importing and exporting profiles by this option we can export our created configuration profile from one device to another device.
For understanding a better way let’s see step by step Process to create a new Configuration profile and customize it.
Step 1: Open the Wireshark tool. In the Bottom left side, we can see the Profile option where the default profile is opened. Now click on Edit Option.
Step 2: It will show the following interface. Again click on Configuration Profiles.
Step 3: All profiles will we shown here. Now click on the (+) icon.
Step 4: Now enter your Profile Name. You can enter whatever you want. Now entering this profile name as TCP. Next click on Ok.
Step 5: Now our New configuration profile has been created . For checking it and switching between our created profile and the Wireshark Default profile click on the profile option which is on the bottom left side. Next, select Your profile according to your name.
Step 6: Now our profile has been selected. Now we need to select the interface on which we want to capture packets. You can select whatever you want . I am selecting Wi-Fi. Next click on Wireshark icon which is on the top right side for starting packet capturing.
Step 7: We can see Wireshark started packet capturing Over Wi-Fi in our created TCP Configuration profile.
Step 8: By default Wireshark automatically make some column when we create a Configuration profile. The following are common columns.
Step 9: Now For adding an extra feature in our screen click on the bottom specification of packets. Suppose we want to add Source port which comes from port 443 it will be listed down when packet are being captured then right click on Source port.
Step 10: It will show many option . We want to add Source port as Column in our profile. Then click on Apply as Column.
Step 11 : Now we can see all source port related to port 443 are being listed as column in our packet capture display.
Step 12: If we want to remove any column form our Profile display then we can easily remove it by right clicking on Specific column and click on Remove this Column.
Step 13 : Now we can see our Info Column is removed from or display profile.
Step 14 : If we want to add more extra column then we can also add. Suppose we want to add column of Destination port which come from port 59425 then right click on it.
Step 15 : Next click on Apply as Column.
Step 16 : Now we can see all Destination port column is added to our TCP Profile and it is listing all Destination ports which belong to port 59425 .
Step 17 : We can also colorize packets based on port . For this right click on Destination port 59425 and Select Colorize with filter and then Color. we are selecting here color 1 .
Step 18 : Now We can see all packets are colorize with color 1 which belong to destination port 59425 .
Step 19 : If we want to switch between Profiles then we can easily switch between them . For this Click on profile option in bottom right and select profile for which you want to switch.
Step 20 : If want to see default profile then select it .
Step 21 : Our Default profile displayed and whatever functionality it have it will show captured packets .
Configuration Profiles in Wireshark provide easy interface for us to display and save data how we want to see and save. It may possible that based on need in one profile we want to only IP Address and Destination port and in Second profile Information of packets and Source port. This can be performed by Creating of Configuration profile.
Please Login to comment...