How To configure Wireshark to show RTPS packets with specific colors

Important note: the most up-to-date version of Wireshark is available at https://www.wireshark.org/download/automated. This version is built from the development branch and contains all the latest improvements and bug fixes.

One of the differences between RTI Wireshark and the Wireshark available from www.wireshark.org (or from a package manager such as apt-get or yum) is that RTI Wireshark ships with custom coloring rules for RTPS packets. These coloring rules can be seen under View > Coloring rules in the main menu. For instance, these are the ones provided by default:

There are two ways to modify these coloring rules.

Method 1. Modifying the Coloring rules manually in the GUI

To do this, add the rules manually in the Coloring rules window shown above. The result should look like this:

Method 2. Modifying the "colorfilters" file

Ultimately, the rules are stored in a file named "colorfilters". By default, this file is located at:

  • Windows: C:\Program Files (x86)\Wireshark\colorfilters
  • Linux: depends on the distribution; typically /usr/share/wireshark/colorfilters or /usr/local/share/wireshark/colorfilters
  • OSX: /Applications/wireshark.app/Contents/Resources/share/wireshark/colorfilters

Although the header of this file warns against editing it, there is no risk in making this change. Note that this global copy is replaced when Wireshark is upgraded, and that a per-user copy of "colorfilters" in the personal configuration directory (where changes made through the GUI are saved) takes precedence over it, so you may prefer to edit the per-user copy instead. Add the following at the beginning of the file, immediately after the comment line:

# DO NOT EDIT THIS FILE!  It was created by Wireshark
@RTI TCP@rtitcp&&!rtps@[65535,65535,65535][23690,0,65535]
@NDDS Ping@udp[16-23] == "NDDSPING" || rtps.sm.id == 0x82@[65535,65535,65535][0,32639,1676]
@User traffic@(rtps.sm.wrEntityId.entityKind == 0x02) || (rtps.sm.wrEntityId.entityKind == 0x03)@[65535,65535,65535][43801,2639,5300]
@Meta traffic@(rtps.sm.wrEntityId.entityKind == 0xc2) || (rtps.sm.wrEntityId.entityKind == 0xc3)@[65535,65535,65535][7710,6930,44581]
@Non-RTPS traffic@!rtps@[65535,65535,65535][35939,35939,35939]

The resulting file is attached in case you prefer to simply download it and replace your current one; remove the .txt extension if you do so.

Note: From Wireshark version 2.2.0 onwards, some filter fields have changed their syntax, and the color filters have been adjusted accordingly. If your Wireshark version is 2.2.0 or higher, download colorfilters.220.txt instead, then remove the .220.txt extension before replacing your current file.
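As an added example (not part of the original article or an RTI tool), the script below applies Method 2 programmatically: it checks that each rule has the `@name@display-filter@[bg][fg]` shape with 16-bit colour components, inserts the five RTI rules directly after Wireshark's header comment, and skips any rule whose name is already present so it can be re-run safely. The path passed to `merge_into_file` is an assumption; point it at whichever "colorfilters" copy your Wireshark actually loads.

```python
import re
from pathlib import Path

# The five RTI rules from this article, verbatim.
RTI_RULES = """\
@RTI TCP@rtitcp&&!rtps@[65535,65535,65535][23690,0,65535]
@NDDS Ping@udp[16-23] == "NDDSPING" || rtps.sm.id == 0x82@[65535,65535,65535][0,32639,1676]
@User traffic@(rtps.sm.wrEntityId.entityKind == 0x02) || (rtps.sm.wrEntityId.entityKind == 0x03)@[65535,65535,65535][43801,2639,5300]
@Meta traffic@(rtps.sm.wrEntityId.entityKind == 0xc2) || (rtps.sm.wrEntityId.entityKind == 0xc3)@[65535,65535,65535][7710,6930,44581]
@Non-RTPS traffic@!rtps@[65535,65535,65535][35939,35939,35939]
"""

# A rule is "@name@display-filter@[bg r,g,b][fg r,g,b]"; a leading "!" marks it disabled.
RULE_RE = re.compile(r"^(!?)@([^@]+)@([^@]+)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]$")

def parse_rule(line):
    """Return (enabled, name, filter, bg, fg); raise ValueError on a malformed rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a colorfilters rule: {line!r}")
    nums = [int(x) for x in m.groups()[3:]]
    if max(nums) > 65535:                       # colour components are 16-bit
        raise ValueError(f"colour component out of range: {line!r}")
    return (m.group(1) == "", m.group(2), m.group(3), tuple(nums[:3]), tuple(nums[3:]))

def merge_rules(existing_text, new_rules_text):
    """Insert new rules after the leading '#' comment block, skipping names already present."""
    existing = existing_text.splitlines()
    present = {parse_rule(l)[1] for l in existing if l.strip() and not l.startswith("#")}
    additions = []
    for line in new_rules_text.splitlines():
        if line.strip():
            name = parse_rule(line)[1]          # validate before touching the file
            if name not in present:
                additions.append(line)
                present.add(name)
    i = 0
    while i < len(existing) and existing[i].startswith("#"):
        i += 1                                  # keep Wireshark's header comment first
    return "\n".join(existing[:i] + additions + existing[i:]) + "\n"

def merge_into_file(path):
    """Back up `path` to `path.bak`, rewrite it with the RTI rules, return the number added."""
    p = Path(path)                              # assumed: the colorfilters copy Wireshark loads
    original = p.read_text()
    merged = merge_rules(original, RTI_RULES)
    p.with_name(p.name + ".bak").write_text(original)
    p.write_text(merged)
    return len(merged.splitlines()) - len(original.splitlines())
```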

If you experience any issue when changing the coloring rules, please email support@rti.com.
