Wireshark 'Profiles'
- Jees Francis
- Aug 29, 2015
Hi,
I recently got an enquiry about Wireshark profiles, which led me to write this article. We all know that Wireshark is the best protocol analyzer out there, and 'profiles' are one of the features that make it the best.
We use Wireshark in many different scenarios, and each scenario calls for different settings inside Wireshark. Profiles let us save these configurations so that we can reuse them in another, similar scenario.
Let's start.
In this case study, let's configure Wireshark for analyzing DNS time.

Step 1: Open Wireshark and open a capture. By default the profile name is 'default'. You can see the current profile at the bottom of the window.
We need to create a new profile for the current scenario, so right-click the profile name at the bottom of the window. You will see an option named 'Manage Profiles'. Click it. This opens a window listing the profiles.

As you can see, the profiles are listed here. We need to create a new one. Select the 'default' profile and then click Copy. This creates a copy of the 'default' profile. Rename the profile as you wish; in this example I have named it 'DNS-sample'. Your current profile is now set to 'DNS-sample'.
Step 2: In this step we customize the new profile. We are going to set it up to analyze DNS time delay.
To do this, filter the DNS packets: go to the filter field in Wireshark and type 'dns'. Now you can see only DNS traffic.

As you can see, there is no column that tells us the DNS time delay, so we have to add a column that shows that information. To do that, open 'Preferences' from the Edit menu and select 'Columns'.

In the Columns page, click the 'Add' button. You can double-click the newly added column and change its name; I have changed it to 'DNS'. In 'Field type', select 'Custom'. In the field name, type 'dns.time'. Click OK.
You have now added a new column called 'DNS' whose field name is 'dns.time'. The new column appears among the Wireshark columns, and we can see the response times of the DNS requests.

You can click the column header to sort the DNS response times in ascending or descending order.
So, in summary, we have created a new profile named 'DNS-sample' and added a new column named 'DNS' that uses the field 'dns.time'. The next time you want to analyze DNS, you can simply switch to this profile.
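On disk, a profile is a directory under the `profiles` folder of the personal Wireshark configuration directory, and the column from Step 2 is stored in that profile's `preferences` file. The script below is an added example, not part of the original article, that builds the same 'DNS-sample' profile from a shell. The configuration directory is passed as an argument, and the columns other than 'DNS' are an assumed standard layout.

```bash
#!/usr/bin/env bash
# Added example: create the 'DNS-sample' profile on disk rather than in the GUI.
# Assumption: the first argument is your personal Wireshark configuration
# directory (often ~/.config/wireshark on Linux, %APPDATA%\Wireshark on Windows).

create_dns_profile() {
    local config_dir="$1"
    local name="${2:-DNS-sample}"
    local profile_dir="$config_dir/profiles/$name"
    local prefs="$profile_dir/preferences"

    [ -n "$config_dir" ] || { echo "usage: create_dns_profile CONFIG_DIR [NAME]" >&2; return 2; }
    mkdir -p "$profile_dir" || return 1

    # Equivalent of "copy the default profile": carry over its settings, but drop
    # the existing column layout (the key line plus its indented continuation
    # lines) so the new profile ends up with exactly one gui.column.format entry.
    if [ -f "$config_dir/preferences" ]; then
        awk '/^gui\.column\.format:/ { skip = 1; next }
             skip && /^[ \t]/        { next }
                                     { skip = 0; print }' \
            "$config_dir/preferences" > "$prefs" || return 1
    else
        : > "$prefs"
    fi

    # Column layout: assumed standard columns plus the custom 'DNS' column.
    # "%Cus:dns.time:0:R" is a custom column showing the dns.time field.
    {
        printf 'gui.column.format: \n'
        printf '\t"%s", "%s",\n' \
            'No.' '%m' 'Time' '%t' 'Source' '%s' 'Destination' '%d' \
            'Protocol' '%p' 'Length' '%L' 'DNS' '%Cus:dns.time:0:R'
        printf '\t"%s", "%s"\n' 'Info' '%i'
    } >> "$prefs"
}

# Run only when a configuration directory is given on the command line.
if [ "$#" -gt 0 ]; then
    create_dns_profile "$@"
fi
```

Because the profile is just a directory, it can be copied to another analyst's machine, and `tshark -C DNS-sample -r capture.pcap -Y dns.time` applies it on the command line (`capture.pcap` is a placeholder file name).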
Hope you enjoyed it. Please share your comments below.