How to configure colors in Ethereal

(Last modified: 03Jul2003)

This document (10084708) is provided subject to the disclaimer at the end of this document.

goal

How to configure colors in Ethereal

fact

Ethereal 0.9.13

symptom

No colors in Ethereal

Ethereal displays only in black text on a white background.

fix

To colorize the Ethereal display, click on the Display menu option and select "Colorize Display".

 

 The Apply Color Filters window appears.

 

To create a new color filter, click on the New button under the Edit section of this window.

Give the filter a name in the Name field. For example, I will name this one NDS Packets. You can enter any name; just use something descriptive.

 

Now we need to define what is unique about this packet type so that Ethereal can identify it and apply the correct color. We can do this by typing the correct filter string into the String field, or we can click on the Add Expression button. For our example, let's click on the Add Expression button.

 The filter expression window allows you to browse to the desired information. In our case NDS is a subset of the NCP protocol. We will need to go to the NCP protocol field.

 

The relation field allows us to define specific information about this field. If we wanted to colorize all NCP packets, we would just select the "is present" relation. But for this example we want to colorize only NDS packets, so we must identify the unique properties in an NCP packet that make it an NDS packet. All NDS packets are NCP function 104, so we need to tell Ethereal that NDS packets are NCP function 104. To do this, we scroll down and find the function field under the NCP protocol.

 Now under the relation field we need to select "==" for equals.

 

A new field opens so that you can enter the value for Function. The Value label tells you what type of data can be entered into the field. In this case it is an unsigned value of 1 byte in length. We can enter either the decimal value 104 or the hexadecimal value 0x68. To enter hex values, just precede the value with 0x.

 Now click on the Accept button.

Ethereal now takes you back to the Edit Color Filter window with the information we selected appended to the String field. Notice that the information is appended: whatever was already in the String field is still there. In our case the String field now contains the text filterncp.func == 104. This is invalid because the word filter was already in this field. We need to delete the word filter.

 

Now the string is correct. It should read ncp.func == 104. We would not have run into this problem if we had cleared out this field before we browsed. Also, if we had already known the correct string, we could have just typed it into the String field directly.

Now we can select the color that we want displayed when Ethereal encounters an NCP packet with the function type of 104. Click on either the Foreground Color or Background Color button to choose the color.

 

 You can select the color a number of ways but the easiest is to just click in the color circle and select the desired color. In our example I will select some shade of purple for NDS packets.

 

 Click the OK button when you have the desired color.

 

 Now the Edit Color Filter window shows the name and string in the color that we selected. Click the OK button to return with these values.

Now we see the new color filter in the color filters list. Please note the comment "List is processed in order until match is found". This means that if any other filter above this filter colorizes this packet then our new filter will not get executed. NDS packets are a subset of NCP packets. So if there is a color filter that sets a color for NCP packets somewhere in the list above then Ethereal will never look at our new filter. Also remember that the NCP protocol rides on top of TCP/IP or IPX/SPX. If there are color filters for any of these then our filter will not be processed. 

 

In this example our color filter did not get processed because there is another filter above it that colorizes all NCP packets as pink. To fix this, we just go back to the Edit Color Filters window and move our new filter higher in the list.

First click on the desired filter, in our case the NDS Packets filter. Then click the Up button to position this filter in the desired location. In our case we need to move it above the NCP color filter.

 

Now, after clicking the OK button, we see that the main Ethereal screen displays our NDS packets in our desired color. Please note that this color filter will not be saved if you close Ethereal. To save the filter so that it is present each time you launch Ethereal, go back to the Edit Color Filter window and click on the Save button. This writes the filter to your preference files so that it will be used in all future launches of the application.

On Windows 2000 or later, the preference files are located in \Documents and Settings\Administrator\Application Data\Ethereal.

Note that you can copy the preference files from one workstation to another by copying this directory. The location of these files is different on other operating systems. Also, on Windows 2000 or later, the actual user directory will change if you are not logging into the workstation as Administrator.
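
The ordering rule described above ("List is processed in order until match is found") and the filter strings from this example can be modeled in a few lines of Python. This is an added example, not Ethereal's code and not part of the original document; the simplified filter parser, the field list, and the sample packets are constructed assumptions.

```python
import re

# Simplified model of the two relations used above: "is present" (a bare
# field name) and "==". This is not Ethereal's real filter engine.
_EQ = re.compile(r"^([a-z][a-z0-9_.]*)\s*==\s*(0x[0-9a-fA-F]+|\d+)$")
_PRESENT = re.compile(r"^[a-z][a-z0-9_.]*$")
KNOWN_FIELDS = {"ip", "ipx", "tcp", "ncp", "ncp.func"}  # assumed subset

def compile_filter(text):
    """Return a predicate over a packet dict, or raise ValueError."""
    text = text.strip()
    m = _EQ.match(text)
    field = m.group(1) if m else text
    if not (m or _PRESENT.match(text)) or field not in KNOWN_FIELDS:
        raise ValueError("invalid filter string: %r" % text)
    if m:
        value = int(m.group(2), 0)  # base 0 accepts both 104 and 0x68
        return lambda pkt: pkt.get(field) == value
    return lambda pkt: field in pkt

def first_match(rules, pkt):
    """Rules are (name, filter string, color); the first match wins."""
    for name, text, _color in rules:
        if compile_filter(text)(pkt):
            return name
    return None

def shadowed(rules, packets):
    """Names of rules that never win on the given packets."""
    winners = {first_match(rules, p) for p in packets}
    return [name for name, _, _ in rules if name not in winners]

def move_up(rules, name):
    """Copy of rules with the named rule moved up one place (the Up button)."""
    i = next(k for k, r in enumerate(rules) if r[0] == name)
    out = list(rules)
    if i > 0:
        out[i - 1], out[i] = out[i], out[i - 1]
    return out

# Constructed sample packets (decoded field -> value).
PACKETS = [
    {"ip": True, "tcp": True, "ncp": True, "ncp.func": 104},  # NDS
    {"ip": True, "tcp": True, "ncp": True, "ncp.func": 23},   # other NCP
]
RULES = [("NCP", "ncp", "pink"), ("NDS Packets", "ncp.func == 0x68", "purple")]
```

With the NCP rule first, `shadowed(RULES, PACKETS)` reports the NDS Packets rule as never matching; after `move_up(RULES, "NDS Packets")` both rules win on their own packets.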


note

Note: Ethereal is a free open source product. Novell does not provide support for this product. The purpose of this solution is to provide Novell employees and its customers with information regarding the use of this free tool. To download, report issues, or request enhancements, please consult the Ethereal website at

http://www.ethereal.com

document

Document Title: How to configure colors in Ethereal
Document ID: 10084708
Solution ID: NOVL90718
Creation Date: 02Jul2003
Modified Date: 03Jul2003
Novell Product Class: Netware Client

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.