Creating a tailored configuration profile

A configuration profile is a set of preferences and configurations. Once you launch Wireshark, at the lower right-hand corner of the interface you will see Profile: Default, as shown in the status bar graphic at the end of the Changing the layout section.

In Wireshark, users can create their own custom configuration profiles, which can include personalized preferences, coloring rules, font styles, or even disabled protocols.

To create a custom profile, go to Edit and then Configuration Profiles. Once the dialog box is open, you will see that Wireshark has three standard configurations: Default, Bluetooth, and Classic, as shown in italics in the following screenshot:

Configuration Profiles dialog box

It's easy to create a new profile: simply select the + sign and assign the profile a name. For example, I created a profile named Malware, as shown in the preceding screenshot. Once you add the profile, close the dialog box, and then you can modify the profile.

You can make several changes to suit your needs, such as the following:

  • Modify the layout by going to View and then unchecking Packet Bytes.
  • Go to Edit and then to Preferences, and make changes such as changes to font color and size, or even disable or change some of the protocols.

Wireshark will save any changes in the custom profile.

In my Malware profile, I wanted to modify the settings so I could hunt for an Ettercap signature. Ettercap is a tool used to launch man-in-the-middle attacks on a LAN. I want to be able to quickly identify the Ettercap signature e77e, which translates to ette (short for Ettercap) in Leetspeak. You can check this by visiting https://www.dcode.fr/leet-speak-1337. This signature identifies Ettercap as it searches for other poisoners on a LAN.

To customize my profile, I adjusted the columns, removed the lower panel Packet Bytes, and added an Ette button (discussed in the Modifying complex expressions section), as shown at the top right-hand side of the following screenshot:

Profile: Malware

Using my Malware profile, I can easily check for Ettercap poisoners by hitting my button, which applies the icmp.ident == 0xe77e display filter and shows all the packets with that signature, if any are present in the capture.
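As an added example (not from the book), the same filter logic re-implemented offline in Python: it parses the ICMP header of constructed echo packets and keeps those whose identifier equals 0xe77e, which is what the Ette button's display filter matches. The packet builder and checksum helper are my assumptions for making the sample self-contained.

```python
import struct

# Signature the page's display filter looks for: icmp.ident == 0xe77e
ETTERCAP_IDENT = 0xE77E  # "ette" in leetspeak, per the page

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over ICMP header + payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp_echo(ident: int, seq: int = 1, payload: bytes = b"") -> bytes:
    """Constructed sample: an ICMP echo request (type 8) with a chosen identifier."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmp(pkt: bytes) -> dict:
    """Parse the fixed ICMP header; echo messages carry ident/seq in bytes 4-7."""
    if len(pkt) < 8:
        raise ValueError("ICMP header truncated")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return {"type": icmp_type, "code": code, "checksum": csum,
            "ident": ident, "seq": seq, "checksum_ok": icmp_checksum(pkt) == 0}

def matches_ettercap_filter(pkt: bytes) -> bool:
    """Equivalent of the page's display filter: icmp.ident == 0xe77e (echo types)."""
    fields = parse_icmp(pkt)
    return fields["type"] in (0, 8) and fields["ident"] == ETTERCAP_IDENT

def filter_capture(packets):
    """Return the indexes of packets the Ette button's filter would show."""
    return [i for i, p in enumerate(packets) if matches_ettercap_filter(p)]

# Constructed sample capture: two ordinary pings and one packet carrying the signature.
SAMPLE_CAPTURE = [
    build_icmp_echo(0x1234, 1, b"abcdefgh"),
    build_icmp_echo(ETTERCAP_IDENT, 1, b"poison-check"),
    build_icmp_echo(0x1234, 2, b"abcdefgh"),
]

if __name__ == "__main__":
    print(filter_capture(SAMPLE_CAPTURE))  # [1]
```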

If you want to return to the default profile, right-click on the lower right-hand corner and select the profile you want to use, as shown in the following screenshot:

Modify Profile

This next section illustrates how you can add or remove columns, and also adjust font and color to suit your needs.
