1
00:00:00,750 --> 00:00:08,130
In this lecture I will explain how to work with colouring rules and how to save packet captures.

2
00:00:08,340 --> 00:00:15,680
So here we see that the SYN packets that we have configured the display filter for in the previous

3
00:00:15,690 --> 00:00:19,470
lecture have the color of grey.

4
00:00:19,800 --> 00:00:24,530
And this is because, if you go to the colouring rules,

5
00:00:24,540 --> 00:00:35,740
we see that TCP SYN and FIN packets have this color by default in Wireshark, and we see other coloring

6
00:00:35,740 --> 00:00:44,250
groups, and these coloring rules help us to distinguish specific types of packets within our captures.

7
00:00:44,250 --> 00:00:47,960
So if we want to create our own,

8
00:00:48,060 --> 00:00:58,610
you can click here and then, for example, I will search for udp.port

9
00:01:01,600 --> 00:01:14,600
53, which is the port of DNS, so we search for DNS packets, and then you will set the foreground to be

10
00:01:14,620 --> 00:01:23,230
red and the background color to be blue, and I have to enable this rule.

11
00:01:23,480 --> 00:01:28,090
Then I will say OK, then OK.

12
00:01:28,100 --> 00:01:40,550
So here we see these packets of DNS that are colorized with our colouring rule, and we know that DNS

13
00:01:40,550 --> 00:01:54,110
packets are usually UDP packets, and we see here that we have UDP packets to be this color, but because the

14
00:01:54,290 --> 00:01:59,930
DNS rule is on the first line, it takes precedence.

15
00:02:00,620 --> 00:02:12,050
So coloring rules work like an access list, so the first ones take precedence over the ones at the

16
00:02:12,050 --> 00:02:22,720
bottom, so we have to put the most specific ones first and the most general ones at the bottom. So I

17
00:02:23,410 --> 00:02:28,640
moved the DNS rule here and then click OK.
18
00:02:28,780 --> 00:02:29,890
We see that

19
00:02:32,560 --> 00:02:38,760
packets belong now to the colouring rule of UDP.

20
00:02:41,720 --> 00:02:53,100
When we disable the rule of UDP, you see that the rule we have configured

21
00:02:53,570 --> 00:02:59,230
is working again, and we can also colorize a conversation for sure.

22
00:02:59,300 --> 00:03:09,550
So for example, if I want to colorize this conversation, I can click on Colorize Conversation and then

23
00:03:09,690 --> 00:03:15,060
TCP, and I can select an existing color or create one.

24
00:03:15,170 --> 00:03:20,210
So we call that Amber

25
00:03:22,920 --> 00:03:23,510
version

26
00:03:26,820 --> 00:03:33,520
and here we see that the colouring rule has the same syntax as a display filter.

27
00:03:34,860 --> 00:03:51,960
So now we forget the colors only to select yellow and red, so when we search for packets,

28
00:03:52,020 --> 00:03:55,710
this conversation was different.

29
00:03:55,740 --> 00:04:08,760
OK, so now we see this like it is, and you can configure a filter for conversations also, so for example for

30
00:04:08,760 --> 00:04:15,830
this conversation, you same conversation, I can configure a complete conversation so leave it there.

31
00:04:16,290 --> 00:04:28,740
So here we see the packets that belong to this conversation, and in Wireshark we can also ignore and

32
00:04:31,940 --> 00:04:32,800
unignore packets.

33
00:04:39,200 --> 00:04:46,190
And also we can mark and unmark packets.

34
00:04:46,190 --> 00:05:01,280
So for example, I marked these two packets and then came later to compare them, so I will fully care spec

35
00:05:01,350 --> 00:05:12,850
it and on the second put them side by side for comparison, and if I want to save the packet captures,

36
00:05:12,910 --> 00:05:16,810
I can go to the File menu and then click on Save As.

37
00:05:17,440 --> 00:05:23,490
But that will save the whole capture, so all the packets captured.
38
00:05:24,000 --> 00:05:33,180
But what if I want to save specific packets? I can use the export features, or Export Specified

39
00:05:33,180 --> 00:05:34,360
Packets.

40
00:05:34,740 --> 00:05:48,360
And here we see that we can save all the captured packets or just the displayed ones, and we can also save

41
00:05:48,360 --> 00:05:57,300
selected packets, marked packets, the packets between the first and last one marked, or a specific range.

42
00:05:57,310 --> 00:06:04,780
And also we can remove ignored packets, and here we see that the default format for saving packet captures

43
00:06:04,810 --> 00:06:13,600
is pcapng, which is the recommended format for saving packet captures because it also saves

44
00:06:13,600 --> 00:06:24,350
the interfaces for capturing and the comments we write in. So here in this lecture I have explained how

45
00:06:24,350 --> 00:06:31,040
to work with colouring rules, which is a modified or another type of display filter, and we have seen

46
00:06:31,190 --> 00:06:35,810
how to save or export packet captures.