This page contains a set of sample coloring rules that people have shared with the Wireshark community. You can learn more about coloring rules and packet colorization in the User's Guide.
As both coloring rules and display filters share the same syntax, you might have a look at the DisplayFilters page.
The coloring rules were previously called color filters and a file named colorfilters is still used to store them, as a result you will often see both terms used the same way.
Loading and Saving Rule Sets
To use one of the coloring rules files listed here, download it to your local machine, select View→Coloring Rules in Wireshark, and click the Import… button.
If you'd like to add an entry to this page you can export a rule set by clicking on the Export… button in the Coloring Rules dialog. (It helps if you save the file with a ".txt" extension.) To upload the exported file, click on the AttachFile link on the left. If you wish to include a screen shot, please create a separate page for your filter and put the screen shot and filter on that page. A WikiSandBox is available if you want to practice attaching files.
Sample Coloring Rules
Contributor: Ronnie Sahlberg
Description: Sample color filter file.
Contributor: Gerald Combs
Description: Another general purpose filter. Includes highlighting of home style routers (D-Link, Netgear & Linksys); AppleTalk & IPX/SPX protocols; OSPF, STP & HRSP events. Useful for the corporate LAN. **Modified after stealing ideas from some of the other submissions.
Contributor: Peter Bruno
Description: Example emphasized on detecting errors and coloring client/server. It doesn't highlight particular protocols (as I usually filter interesting one). Edit Your MAC address before import ('from my PC' and 'to my PC' rules)
Thanks to Peter Bruno for some rules.
Description: Highlights SCSI check conditions in red and highlights iSCSI packets with no associated commands or no associated responses in purple. Note: logins and logouts do not have responses so they are also purple.
Description: Coloring of Wireless Authentication Packets for 802.11, WPA, and 11i protocols. Supports Preauth as well.
Description: Coloring of Wireless Lan Packets for 802.11, WPA, 11i and EAP protocols.