Wireshark’s packet colouring feature helps you quickly identify and understand different types of traffic by using color codes. It makes patterns, errors, or unusual behavior easier to spot during packet analysis.
Where to Find Colouring Options
All packet colouring settings can be found here:
View > Coloring Rules
To temporarily remove colours:
View > Colorize Packet List (toggle)
Creating a Custom Colouring Rule
You can add your own rules to highlight specific traffic, like login attempts or suspicious activity.
Steps:
- Go to View > Coloring Rules
- Click + to add a rule
- Enter a filter expression
- Choose foreground and background colours
- Click Apply