In my last blog (Wireshark Custom Columns) I provided you information on customizing your Wireshark interface depending on the problem you are troubleshooting. These custom profiles are extremely helpful in providing the needed information for troubleshooting the vast range of issues you will encounter. As you increase your effectiveness as a analyst you will undoubtedly be called to resolve issues on many different networks other than your own. These situations may require that you utilize local hardware and software to troubleshoot with. In these situation you can rapidly become effective by transferring the custom profiles from your local system to this new system. Wireshark makes it easy to transfer your custom profile simply by copying a set of plain-text files between the two systems.
To locate these configuration files you simple have to open the “Help” menu item as shown below and selecting “About Wireshark“.
Next open the “Folders” tab on the About Wireshark menu.
The “Personal Configuration” folder is the location where your customized profiles are stored.
Each of your custom profiles will be stored in a separate folder. You simply have to copy this folder to removable media and transfer to the other computers “Personal Configuration” folder. When you restart Wireshark on the new computer your profiles should not be installed. It’s that simple!
Now this makes it easy to transfer the custom profiles between system I feel Wireshark can make this easier in future releases. Understanding that most good technologist will have customized views and have multiple computers it would make sense that Wireshark provide some kind of cloud synchronization for profiles. I’ll keep an eye open for this update and post any progression in this area.
In my next blog I will look at how to customize your coloring rules.