Author Profile - Ray Tompkins is the Founder and CEO of Gearbit. Ray is a Senior Network Specialist with over 28 years of experience in troubleshooting, design, and implementation. His background includes 911 emergency consulting and identifying the root cause of critical network problems. His knowledge of network protocols (LAN, VoIP, WAN and WLAN) and how they work within enterprise networks is the key to providing customer service through knowledge transfer and education.
You can access the Colorize Conversation Rule in a couple of ways.
The first way is through the Main Menu, where you’ll find it listed under the View menu.
The second is to select the packet, then right-click to bring up the Colorize Conversation rule.
Select Packet > Right Click > Colorize Conversation > Ethernet or IP or TCP
This is not to be confused with the Coloring Rule, which is used to highlight a bit pattern, protocol, etc. Look forward to a future article where we’ll take a look at several examples of how and when it can be used to speed up packet analysis.
In Figure 1:1 I first used a Display filter to find the first packet of each TCP session: (!(tcp.flags.ack == 1)) and (tcp.flags.syn == 1). It matches packets that have the SYN flag set and the ACK flag not set, which makes it easy to see all the TCP conversations.
A quick note: I just about always use the right-click Prepare a Filter option to build all of my Display Filters.
Now on to the Colorize Conversation rule. In the following examples, Figure 1:3 shows the packets highlighted in pink, visually separated from all the other packets. With the packets now visible you can see the TCP conversation, but also the other network traffic that is occurring around and during this TCP session. A very helpful feature in Wireshark, thank you Gerald Combs and the Wireshark team!
Figure 1:2 shows how this is done: first select the View menu, then the Colorize Conversation rule, and then the following menus that narrow the conversation down to the TCP session.
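The flag test behind the display filter above, and the set of packets a TCP-level Colorize Conversation picks out, shown as an added example that is not part of the original article. The packets are constructed sample data, indices are 0-based, and treating a TCP conversation as the unordered pair of address/port endpoints is an assumption of this example.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (data offset 5, no options)."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

# Constructed sample traffic (not a real capture): (src_ip, dst_ip, TCP header).
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", tcp_header(51000, 443, SYN)),
    ("192.0.2.10", "10.0.0.5", tcp_header(443, 51000, SYN | ACK)),
    ("10.0.0.5", "192.0.2.10", tcp_header(51000, 443, ACK)),
    ("10.0.0.7", "192.0.2.20", tcp_header(51001, 80, SYN)),
    ("10.0.0.5", "192.0.2.10", tcp_header(51000, 443, PSH | ACK)),
    ("192.0.2.20", "10.0.0.7", tcp_header(80, 51001, RST | ACK)),
]

def parse(src, dst, hdr):
    """Pull ports and the flag bits out of the first 14 header bytes."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", hdr[:14])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": off_flags & 0x1FF}

def is_session_start(pkt):
    """Same test as (!(tcp.flags.ack == 1)) and (tcp.flags.syn == 1)."""
    return bool(pkt["flags"] & SYN) and not pkt["flags"] & ACK

def conversation_key(pkt):
    """Direction-independent key: both endpoints, sorted."""
    return tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))

def session_starts(packets):
    """Indices of packets the SYN-without-ACK filter would display."""
    return [i for i, p in enumerate(packets) if is_session_start(p)]

def conversation_members(packets, selected_index):
    """Indices that belong to the same conversation as the selected packet."""
    key = conversation_key(packets[selected_index])
    return [i for i, p in enumerate(packets) if conversation_key(p) == key]

PACKETS = [parse(*row) for row in SAMPLE]

if __name__ == "__main__":
    for i in session_starts(PACKETS):
        print("session starts at", i, "members:", conversation_members(PACKETS, i))
```

The SYN/ACK reply at index 1 is excluded by the filter, yet it is part of the highlighted conversation because the key ignores direction.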
Figure 1:1 TCP Sessions Displayed with TCP Flags Filter
Figure 1:2 Apply Colorize Conversation to TCP Session