VisualEther

Protocol Analyzer

6.1
USER MANUAL

VISUALETHER PROTOCOL ANALYZER 6.1

VisualEther Protocol
Analyzer 6.1
Visually debug protocol interactions
Generate sequence diagrams and context
diagrams from Wireshark output. The
sequence diagrams provide a visual trace of
the packet flow between different nodes.
The collaboration diagrams give a birdseye-view of the protocol interactions.

Summarize Wireshark output

Define templates to select the messages
and the fields to be included in the
generated diagrams. VisualEther analyzes
the Wireshark output to generate
documents that match the defined
template.
The template is defined as a simple XML file
that supports TCP, UDP, SCTP, IP, MAC and
WiFi level message filters. IPv4 and IPv6 are
fully supported.
You are not limited to the predefined
protocols. Any protocol that has a
Wireshark dissector is supported.

VISUALETHER PROTOCOL ANALYZER 6.1

while maintaining full message detail

Click on any message in PDF sequence
diagrams. VisualEther shows you complete field
level details of that message in a browser
window.
The message nodes can be expanded and
collapsed. This way you can focus on the part of
the message that interests you.

Reverse engineer system design

Reverse engineering system design by analyzing
the message flow in an operational system.
Design documents are generated from the
Wireshark traces. The generated documents can
be edited and reformatted using EventStudio
System Designer.

Script sequence diagram generation

Invoke VisualEther from the command-line to generate sequence diagrams from scripts.
Navigate to advanced system settings:

Computer -> System Properties -> Advanced System Settings -> Advanced tab
Update path:

Edit Environment Variables and add VisualEther installation directory in the path
Invoke from command-line:

vether <.pcap file><.fxt.xml file>

VISUALETHER PROTOCOL ANALYZER 6.1

Wireshark to sequence
diagrams
Convert Wireshark output to sequence
diagrams

1 Save Wireshark
capture in a PCAP file.

VISUALETHER PROTOCOL ANALYZER 6.1

2 Specify the PCAP

file in VisualEther.

3 Load the FXT file that

defines the templates for
the messages to be
included in the sequence
diagram.

4 Click to generate
sequence diagrams.

VISUALETHER PROTOCOL ANALYZER 6.1

5 VisualEther generates
a sequence diagram.

6 Click on any
message in the PDF file
to see field level details.

7 See a detailed
dump of the message.

VISUALETHER PROTOCOL ANALYZER 6.1

Select messages and parameters to

include in sequence diagrams

1 Right click and

copy the field name.

Note that Wireshark also

displays the fieldname in
the status bar.

VISUALETHER PROTOCOL ANALYZER 6.1

Define a FXT file with templates for messages you wish to include in the message.

2 Click SCTP. The

selected field code is
used as the opcode.

3 Similarly copy the

fieldnames from Wireshark
and click param for each
parameter.

VISUALETHER PROTOCOL ANALYZER 6.1

4 Click the Generate Diagrams

button and find the newly added
message in the sequence diagram.

VISUALETHER PROTOCOL ANALYZER 6.1

Specify the color and style for messages

<?xml version="1.0" encoding="utf-8"?>
<FXT>
<!-- Message Template for Domain Name System (DNS) Extraction -->
<udp-message style="greenkhaki">
<opcode regex-match="^Domain">dns</opcode>
<param>dns.qry.name</param>
<param>dns.resp.name</param>
<param>dns.Addr</param>
</udp-message>
<!-- Template for Hypertext Transfer Protocol (HTTP) Request Extraction -->
<tcp-message style="redblue">
<opcode>http.request.method</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>http.response.code</param>
<param>http.If-Modified-Since</param>
<param>tcp.len</param>
</tcp-message>

1 Add a style to a filter to

choose the font, size and color.

<!-- Template for Hypertext Transfer Protocol (HTTP) Response -->

<tcp-message style="purpleblue">
<opcode>http.response.code</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>tcp.len</param>
</tcp-message>
<!-- Default Message Template for Hypertext Transfer Protocol (HTTP) -->
<tcp-message style="bluegreen">
<opcode>http</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>http.response.code</param>
<param>tcp.len</param>
</tcp-message>
</FXT>

VISUALETHER PROTOCOL ANALYZER 6.1

2 Regenerate documents
with selected styles.

10

VISUALETHER PROTOCOL ANALYZER 6.1

Sample styles

3 Customize the themes by

editing the VisualEther.fdl file.

style redblue: textcolor=FIREBRICK, color=ROYALBLUE, paramcolor=SLATEBLUE

style bluegreen: textcolor=DODGERBLUE, color=LIMEGREEN, paramcolor=FORESTGREEN
style bluegrey: textcolor=MEDIUMBLUE, color=GREY, paramcolor=DIMGREY
style greenkhaki: textcolor=OLIVEDRAB, color=DARKKHAKI, paramcolor=OLIVE
style purpleblue: textcolor=PURPLE, color=DARKBLUE, paramcolor=DODGERBLUE

11

VISUALETHER PROTOCOL ANALYZER 6.1

Bookmark messages for quick access

<?xml version="1.0" encoding="utf-8"?>
<FXT>
<!-- Message Template for Domain Name System (DNS) Extraction -->
<!-- Capture DNS messages apply the greenkhaki style. Use the
bookmark attribute for quick navigation in the PDF file . -->
<udp-message style="greenkhaki" bookmark="true" >
<opcode regex-match="^Domain">dns</opcode>
<param>dns.qry.name</param>
<param>dns.resp.name</param>
<param>dns.Addr</param>
</udp-message>
<!More templates -->
</FXT>

1 Select the messages

to be bookmarked.

2 Bookmarked messages let

you navigate quickly through a
large sequence diagram.

12

VISUALETHER PROTOCOL ANALYZER 6.1

Use regular expressions for content

based filter selection and styling
<?xml version="1.0" encoding="utf-8"?>
<FXT>
<!-- Template for Domain Name System (DNS) Extraction -->
<!-- Capture DNS messages that end with (query).
Apply the greenkhaki style.
Also bookmark in PDF.
. -->
<udp-message style="greenkhaki" bookmark="true" >
<opcode regex-match="\(query\)$">dns</opcode>
<param>dns.qry.name</param>
<param>dns.resp.name</param>
<param>dns.Addr</param>
</udp-message>
<!-- Other DNS messages are included but they are not bookmarked. -->
<udp-message style="greenkhaki">
<opcode regex-match="^Domain">dns</opcode>
<param>dns.qry.name</param>
<param>dns.resp.name</param>
<param>dns.Addr</param>
</udp-message>

Filters can be applied

on the content of
the captured field.

<!-- Template for Hypertext Transfer Protocol (HTTP) Request Extraction -->
<tcp-message style="redblue">
<opcode>http.request.method</opcode>
<param>http.request.uri</param>
<param>http.request.version</param>
<param>http.response.code</param>
<param>http.If-Modified-Since</param>
<param>tcp.len</param>
</tcp-message>
<!more... -->
</FXT>

13

VISUALETHER PROTOCOL ANALYZER 6.1

Use regular expression substitution to

customize the displayed text
<?xml version="1.0" encoding="utf-8"?>
<FXT>
<!-- Call control messages -->
<sctp-message style="bluegreen">
<opcode regex-match=".*DTAP Call Control Message Type: (.*)"
regex-replace="DTAP CC $1">gsm_a.dtap_msg_cc_type</opcode>
<param>gsm_a.cld_party_bcd_num</param>
<param>gsm_a.numbering_plan_id</param>
<param>gsm_a_dtap.cause</param>
<param>gsm_a.imsi</param>
</sctp-message>
<!-- Mobility management messages -->
<sctp-message style="purpleblue" bookmark="true">
<opcode regex-match=".*DTAP Mobility Management Message Type: (.*)"
regex-replace="DTAP MM $1">gsm_a.dtap_msg_mm_type</opcode>
<param>gsm_a.cld_party_bcd_num</param>
<param>gsm_a.numbering_plan_id</param>
<param>gsm_a_dtap.cause</param>
<param>gsm_a.imsi</param>
</sctp-message>
<!-- RANAP signaling -->
<sctp-message style="redblue">
<opcode regex-match="procedureCode: id-(.*)"
regex-replace="RANAP $1">ranap.procedureCode</opcode>
<param>ranap.pLMNidentity</param>
<param>ranap.id</param>
<param>gsm_a.imsi</param>
</sctp-message>

You can further customize the content of opcodes

and parameters with regular expression
substitution.

<!more ... -->

</FXT>

Group the patterns you are interested in and

reference them with $1, $2

14

VISUALETHER PROTOCOL ANALYZER 6.1

Specify a host file to map IP addresses

to meaningful names

1 By default, IP addresses
are used in sequence
diagram headings.

2 Map the addresses

# Hosts file for the UMTS
172.210.0.1 UTRAN1
172.210.0.2 CoreNetwork1

to names in HOSTS.txt
example
file and place it in the
same directory as the
PCAP file.

3 Generate diagrams.
Notice that the
sequence diagrams now
use the hosts file
translation.

15

VISUALETHER PROTOCOL ANALYZER 6.1

Choose between port level and IP

address level sequence diagrams
VisualEther lets to draw sequence diagrams at IP address level or port level. The difference between
the three options is best explained with diagrams:

Draw instance axis at IP address level

16

VISUALETHER PROTOCOL ANALYZER 6.1

Draw instance axis at IP address level and display port

numbers

17

VISUALETHER PROTOCOL ANALYZER 6.1

Draw instance axis at TCP, UDP and SCTP port level

18

VISUALETHER PROTOCOL ANALYZER 6.1

Filter out periodic and traffic messages

When capturing SIP and IMS calls, RTP and RTCP packets can crowd out the signaling handshakes.
Periodic messages like the Wi-Fi beacon can also clutter the generated sequence diagram.
A filter attribute can be added to filter out periodic and traffic flow messages. When the filter
attribute is set, only one message of the matching message type is displayed.

1 The SIP-RTP sample

results in a 75 page
call flow if all RTP
packets are shown!

2 Set the filter attribute

in the .fxt.xml file. The
call flow shrinks to 4
pages focused on call
signaling.

19

VISUALETHER PROTOCOL ANALYZER 6.1

Extract tunneled messages

When dealing with tunneling protocols like GTP you can choose between the outer and the inner
message by specifying the skip attribute.

By default,
VisualEther will select
the fields from the
outer message

Fields from the inner

message can be
selected by using the
skip=1 attribute

20

VISUALETHER PROTOCOL ANALYZER 6.1

Capturing the outer message

VisualEther defaults to capturing the outer message.
<?xml version="1.0" encoding="utf-8"?>
<FXT>
<message>
<opcode>gtp.message</opcode>
<param>gtp.length</param>
<param>gtp.teid</param>
<param>gtp.seq_number</param>
<param>gtp.apn</param>
<param>pap.code</param>
<param>gtp.gsn_ipv4</param>
<param>gsm_map.address.digits</param>
<source>
<address>ip.src</address>
</source>
<destination>
<address>ip.dst</address>
</destination>
</message>
</FXT>

Capturing the inner message

Adding a skip attribute results in VisualEther ignoring the outer message fields and capturing the
fields from the inner message.
<?xml version="1.0" encoding="utf-8"?>
<FXT>
<message>
<opcode>icmp.type</opcode>
<param skip="1">ip.len</param>
<source>
<address skip="1">ip.src</address>
</source>
<destination>
<address skip="1">ip.dst</address>
</destination>
</message>
</FXT>

21

VISUALETHER PROTOCOL ANALYZER 6.1

Explore the examples

Get started with examples that cover a range of protocols from ARP to X.509. The examples
include PCAP files, extraction template files (.FXT.XML).
Some examples include Hosts.txt file that allows you to substitute IP address axis headings with
host names.
The examples are installed in:

My Documents\VisualEther Documents\Examples

1 Click Explore Examples to

browse the available examples.

22

VISUALETHER PROTOCOL ANALYZER 6.1

2 Choose from more

than 45 examples.

23

VISUALETHER PROTOCOL ANALYZER 6.1

run-all.bat Script diagram generation

Add the VisualEther installation directory to the default search path. Use the start /wait primitive in
batch files to invoke VisualEther via a command-line interface.
The run-all.bat sample batch file in the Examples directory generates diagrams from all the samples
included with VisualEther.

24

VISUALETHER PROTOCOL ANALYZER 6.1

FXT reference
Supported protocols
<?xml version="1.0" encoding="utf-8" ?>
<FXT>
<!-- Message Templates for Session Initiation Protocol (SIP) Extraction -->
<udp-message>
<opcode display="brief">sip.Request-Line</opcode>
<param display="brief">sip.from.addr</param>
<param display="brief">sdp.connection_info</param>
</udp-message>

UDP v4

<udp-message>
<opcode display="brief">sip.Request-Line</opcode>
<param display="brief">sip.from.addr</param>
<param display="brief">sdp.connection_info</param>
</udp-message>

UDP v6

<!-- Message Template for File Transfer Protocol (FTP) Extraction -->
<tcp-message>
<opcode display="brief">ftp</opcode>
<param display="brief">ftp.response.code</param>
<param display="brief">ftp.response.arg</param>
<param display="brief">ftp.request.command</param>
</tcp-message>

TCP v4

TCP v6

<tcpv6-message>
<opcode display="brief">ftp</opcode>
<param display="brief">ftp.response.code</param>
<param display="brief">ftp.response.arg</param>
<param display="brief">ftp.request.command</param>
</tcpv6-message>

25

VISUALETHER PROTOCOL ANALYZER 6.1

<!--

Message Template for Transaction Capabilities Application Part (TCAP)

Extraction -->
<sctp-message style="redblue">
<opcode>tcap</opcode>
<param>tcap.oid</param>
<param>tcap.application_context_name</param>
<param>tcap.otid</param>
<param>tcap.msgtype</param>
</sctp-message>

SCTP v4 for telecom signaling

<sctpv6-message style="redblue">
<opcode>tcap</opcode>
<param>tcap.oid</param>
<param>tcap.application_context_name</param>
<param>tcap.otid</param>
<param>tcap.msgtype</param>
</sctpv6-message>

SCTP v6 for telecom signaling

<!-- Message Template for Internet Control Message Protocol (ICMP)

Extraction -->
<ip-message>
<opcode>icmp.type</opcode>
<param>icmp.seq</param>
</ip-message>

IPv4
<ipv6-message>
<opcode>icmp.type</opcode>
<param>icmp.seq</param>
</ipv6-message>

IPv6
<!-- Display the beacon message, but filter out duplicates -->
<wifi-message filter="true" style="grey">
<opcode regex-match="Type/Subtype: Beacon (.*)" regexreplace="IEEE 802.11: Beacon $1">wlan.fc.type_subtype</opcode>
<param>wlan.seq</param>
<param regex-match="Tag interpretation: (.*)" regexreplace="$1">wlan_mgt.tag.interpretation </param>
<param>data.len</param>
</wifi-message>

WiFi 802.11 Wireless LAN

26

VISUALETHER PROTOCOL ANALYZER 6.1

<!-- Display ARP messages -->

<mac-message style="purpleblue">
<opcode regex-match="Opcode: (.*)" regex-replace="ARP $1">arp.opcode</opcode>
<param regex-match="(.*)\((.*)\)"
regex-replace="Who has $2?">arp.dst.proto_ipv4</param>
<param regex-match="(.*)\((.*)\)"
regex-replace="Tell $2">arp.src.proto_ipv4</param>
</mac-message>

</FXT>

Ethernet frames

Define your own protocols

You are not limited to the predefined protocols. You can add filters for any custom protocol using
the <source> and <destination> tags.
The following example demonstrates how the source and destination entities can be specified using
the source and destination tags. These address tag in source and destination identifies the node. The
port tag specifies the field that maps to the port number. Here the originating and destination point
codes are used as the source and destination nodes. The SLS field is used as the port number.
<?xml version="1.0" encoding="utf-8" ?>
<!-- -->
<FXT>
<!-- MAP (Mobile Application Part) messages -->
<message style ="purpleblue">
<opcode
regex-match="private: \d{4} (.*)"
regex-replace="MAP $1">ansi_tcap.private</opcode>
<param>ansi_map.bcd_digits</param>
<param>ansi_map.mscid</param>
<param>ansi_map.serviceIndicator</param>
<param>ansi_map.actionCode</param>
<param>ansi_683.for_msg_type</param>
<param>ansi_683.rev_msg_type</param>
<param>ansi_tcap.ComponentPDU</param>
<source>
<address>mtp3.opc</address>
<port>mtp3.sls</port>
</source>
<destination>
<address>mtp3.dpc</address>
<port>mtp3.sls</port>
</destination>
</message>
</FXT>

SS7 support added with

point codes as addresses
and SLS as port number.

27

VISUALETHER PROTOCOL ANALYZER 6.1

Specify the message type and

parameters
<opcode>

<param>

The <opcode> tag

extracts the message
name. A message is only
included if a matching
<opcode> tag is found.

<sctp-message style="redblue">
<opcode regex-match="procedureCode: id-(.*)"
regex-replace="RANAP $1">ranap.procedureCode</opcode>
<param>ranap.pLMNidentity</param>
<param>ranap.id</param>
<param>gsm_a.imsi</param>
</sctp-message>

Use the <param> tag to specify

the parameters that should be
included with the message.

28

VISUALETHER PROTOCOL ANALYZER 6.1

Include remarks
<remark>

<sctp-message style="purpleblue" bookmark="true">

<opcode regex-match=".*DTAP Mobility Management Message Type: (.*)"
regex-replace="DTAP MM $1">gsm_a.dtap_msg_mm_type</opcode>
<param>gsm_a.cld_party_bcd_num</param>
<param>gsm_a.numbering_plan_id</param>
<param>gsm_a_dtap.cause</param>
<param>gsm_a.imsi</param>
<remark>frame</remark>
</sctp-message>

You may also specify a <remark> tag

to display a field next to the message.
If no tag is specified, the time of
message receive will be displayed.

29

VISUALETHER PROTOCOL ANALYZER 6.1

Attributes
Bookmark messages
Color the messages in a
combination of Green
and Khaki colors.

Bookmark the
message in PDF for
easy access.

<udp-message style="greenkhaki" bookmark="true" >

<opcode regex-match="\(query\)$">dns</opcode>
<param>dns.qry.name</param>
Only match DNS
<param>dns.resp.name</param>
<param>dns.Addr</param>
messages that end
</udp-message>

with the string

(query)

Substitute default Wireshark text with regular

expressions
<sctp-message style="redblue">
<opcode regex-match="procedureCode: id-(.*)"
regex-replace="RANAP $1">ranap.procedureCode</opcode>
<param>ranap.pLMNidentity</param>
<param>ranap.id</param>
<param>gsm_a.imsi</param>
</sctp-message>

Replace Wireshark text. The

extracted part is substituted with $1.

30

VISUALETHER PROTOCOL ANALYZER 6.1

Filter out periodic messages

<!-- Display the beacon message, but filter out duplicates -->
<wifi-message filter="true" style="grey">
<opcode regex-match="Type/Subtype: Beacon (.*)"
regex-replace="IEEE 802.11: Beacon $1">wlan.fc.type_subtype</opcode>
<param>wlan.seq</param>
<param regex-match="Tag interpretation: (.*)"
regex-replace="$1">wlan_mgt.tag.interpretati on</param>
<param>data.len</param>
</wifi-message>

Filter out periodic and voice traffic

by specifying the filter attribute.

Choose the field to select from multiple occurrences in

a message
Use the skip attribute to ignore the specified number of occurrences of a field code. Use the skip
attribute to extract tunneled messages.
<?xml version="1.0" encoding="utf-8"?>
<FXT>
<message>
<opcode>icmp.type</opcode>
<param skip="1">ip.len</param>
<source>
<address skip="1">ip.src</address>
</source>
<destination>
<address skip="1">ip.dst</address>
</destination>
</message>
</FXT>

Use the skip attribute

ignore the first
occurrence of the field.

31

VISUALETHER PROTOCOL ANALYZER 6.1

Regular expressions
The samples included with VisualEther should be suitable for a large variety of matching and
searching scenarios. For more complicated needs we recommend:

Regular expression quick reference

http://msdn.microsoft.com/en-us/library/az24scfc.aspx

Free regular expression tool - Expresso

http://www.ultrapico.com/expresso.htm

32

VISUALETHER PROTOCOL ANALYZER 6.1

Working around incomplete Wireshark

field definitions
In rare cases you will find that Wireshark does not have the correct field definition.
For example, the MP Reach NLRI fields do not have a field name (normally field name is displayed in
the status bar).

In such cases text before the colon

may be used as the field name.

33

VISUALETHER PROTOCOL ANALYZER 6.1

Colors
A handy reference for predefined colors in EventStudio. Use these definitions to define your own
styles in VisualEther.fdl file.

BLACK

"0.0,0.0,0.0"

DIMGRAY

"0.41,0.41,0.41"

DIMGREY
GRAY

"0.41,0.41,0.41"
"0.50,0.50,0.50"

GREY

"0.50,0.50,0.50"

DARKGREY
DARKGRAY

"0.66,0.66,0.66"
"0.66,0.66,0.66"

SILVER

"0.75,0.75,0.75"

LIGHTGRAY
LIGHTGREY

"0.83,0.83,0.83"
"0.83,0.83,0.83"

GAINSBORO

"0.86,0.86,0.86"

WHITESMOKE
WHITE

"0.96,0.96,0.96"
"1.00,1.00,1.00"

ROSYBROWN

"0.74,0.56,0.56"

INDIANRED

"0.80,0.36,0.36"

BROWN
FIREBRICK

"0.65,0.16,0.16"
"0.70,0.13,0.13"

LIGHTCORAL

"0.94,0.50,0.50"

MAROON
DARKRED

"0.50,0.0,0.0"
"0.55,0.0,0.0"

RED

"1.00,0.0,0.0"

SNOW
SALMON

"1.00,0.98,0.98"
"0.98,0.50,0.45"

MISTYROSE

"1.00,0.89,0.88"

TOMATO
DARKSALMON

"1.00,0.39,0.28"
"0.91,0.59,0.48"

ORANGERED

"1.00,0.27,0.0"

CORAL
LIGHTSALMON

"1.00,0.50,0.31"
"1.00,0.63,0.48"

34

VISUALETHER PROTOCOL ANALYZER 6.1

SIENNA

"0.63,0.32,0.18"

CHOCOLATE

"0.82,0.41,0.12"

SADDLEBROWN
SEASHELL

"0.55,0.27,0.7"
"1.00,0.96,0.93"

SANDYBROWN

"0.96,0.64,0.38"

PEACHPUFF
PERU

"1.00,0.85,0.73"
"0.80,0.52,0.25"

LINEN

"0.98,0.94,0.90"

DARKORANGE
BISQUE

"1.00,0.55,0.0"
"1.00,0.89,0.77"

TAN

"0.82,0.71,0.55"

BURLYWOOD

"0.87,0.72,0.53"

ANTIQUEWHITE

"0.98,0.92,0.84"

NAVAJOWHITE

"1.00,0.87,0.68"

BLANCHEDALMOND
PAPAYAWHIP

"1.00,0.92,0.80"
"1.00,0.94,0.84"

MOCCASIN

"1.00,0.89,0.71"

WHEAT
OLDLACE

"0.96,0.87,0.70"
"0.99,0.96,0.90"

ORANGE

"1.00,0.65,0.0"

FLORALWHITE
GOLDENROD

"1.00,0.98,0.94"
"0.85,0.65,0.13"

DARKGOLDENROD

"0.72,0.53,0.4"

CORNSILK
GOLD

"1.00,0.97,0.86"
"1.00,0.84,0.0"

KHAKI

"0.94,0.90,0.55"

LEMONCHIFFON
PALEGOLDENROD

"1.00,0.98,0.80"
"0.93,0.91,0.67"

DARKKHAKI

"0.74,0.72,0.42"

BEIGE
LIGHTGOLDENRODYELLOW

"0.96,0.96,0.86"
"0.98,0.98,0.82"

OLIVE

"0.50,0.50,0.0"

YELLOW

"1.00,1.00,0.0"

LIGHTYELLOW
IVORY

"1.00,1.00,0.88"
"1.00,1.00,0.94"

OLIVEDRAB

"0.42,0.56,0.14"

35

VISUALETHER PROTOCOL ANALYZER 6.1

YELLOWGREEN

"0.60,0.80,0.20"

DARKOLIVEGREEN

"0.33,0.42,0.18"

GREENYELLOW
LAWNGREEN

"0.68,1.00,0.18"
"0.49,0.99,0.0"

CHARTREUSE

"0.50,1.00,0.0"

DARKSEAGREEN
FORESTGREEN

"0.56,0.74,0.56"
"0.13,0.55,0.13"

LIMEGREEN

"0.20,0.80,0.20"

LIGHTGREEN
PALEGREEN

"0.56,0.93,0.56"
"0.60,0.98,0.60"

DARKGREEN

"0.0,0.39,0.0"

GREEN

"0.0,0.50,0.0"

LIME

"0.0,1.00,0.0"

HONEYDEW

"0.94,1.00,0.94"

SEAGREEN
MEDIUMSEAGREEN

"0.18,0.55,0.34"
"0.24,0.70,0.44"

SPRINGGREEN

"0.0,1.00,0.50"

MINTCREAM
MEDIUMSPRINGGREEN

"0.96,1.00,0.98"
"0.0,0.98,0.60"

MEDIUMAQUAMARINE

"0.40,0.80,0.67"

AQUAMARINE
TURQUOISE

"0.50,1.00,0.83"
"0.25,0.88,0.82"

LIGHTSEAGREEN

"0.13,0.70,0.67"

MEDIUMTURQUOISE
DARKSLATEGRAY

"0.28,0.82,0.80"
"0.18,0.31,0.31"

DARKSLATEGREY

"0.18,0.31,0.31"

PALETURQUOISE
TEAL

"0.69,0.93,0.93"
"0.0,0.50,0.50"

DARKCYAN

"0.0,0.55,0.55"

AQUA
CYAN

"0.0,1.00,1.00"
"0.0,1.00,1.00"

LIGHTCYAN

"0.88,1.00,1.00"

AZURE

"0.94,1.00,1.00"

DARKTURQUOISE
CADETBLUE

"0.0,0.81,0.82"
"0.37,0.62,0.63"

POWDERBLUE

"0.69,0.88,0.90"

36

VISUALETHER PROTOCOL ANALYZER 6.1

LIGHTBLUE

"0.68,0.85,0.90"

DEEPSKYBLUE

"0.0,0.75,1.00"

SKYBLUE
LIGHTSKYBLUE

"0.53,0.81,0.92"
"0.53,0.81,0.98"

STEELBLUE

"0.27,0.51,0.71"

ALICEBLUE
SLATEGREY

"0.94,0.97,1.00"
"0.44,0.50,0.56"

SLATEGRAY

"0.44,0.50,0.56"

LIGHTSLATEGREY
LIGHTSLATEGRAY

"0.47,0.53,0.60"
"0.47,0.53,0.60"

DODGERBLUE

"0.12,0.56,1.00"

LIGHTSTEELBLUE

"0.69,0.77,0.87"

CORNFLOWERBLUE

"0.39,0.58,0.93"

ROYALBLUE

"0.25,0.41,0.88"

MIDNIGHTBLUE
LAVENDER

"0.10,0.10,0.44"
"0.90,0.90,0.98"

NAVY

"0.0,0.0,0.50"

DARKBLUE
MEDIUMBLUE

"0.0,0.0,0.55"
"0.0,0.0,0.80"

BLUE

"0.0,0.0,1.00"

GHOSTWHITE
DARKSLATEBLUE

"0.97,0.97,1.00"
"0.28,0.24,0.55"

SLATEBLUE

"0.42,0.35,0.80"

MEDIUMSLATEBLUE
MEDIUMPURPLE

"0.48,0.41,0.93"
"0.58,0.44,0.86"

BLUEVIOLET

"0.54,0.17,0.89"

INDIGO
DARKORCHID

"0.29,0.0,0.51"
"0.60,0.20,0.80"

DARKVIOLET

"0.58,0.0,0.83"

MEDIUMORCHID
THISTLE

"0.73,0.33,0.83"
"0.85,0.75,0.85"

PLUM

"0.87,0.63,0.87"

VIOLET

"0.93,0.51,0.93"

PURPLE
DARKMAGENTA

"0.50,0.0,0.50"
"0.55,0.0,0.55"

FUCHSIA

"1.00,0.0,1.00"

37

VISUALETHER PROTOCOL ANALYZER 6.1

MAGENTA

"1.00,0.0,1.00"

ORCHID

"0.85,0.44,0.84"

MEDIUMVIOLETRED
DEEPPINK

"0.78,0.08,0.52"
"1.00,0.08,0.58"

HOTPINK

"1.00,0.41,0.71"

PALEVIOLETRED
LAVENDERBLUSH

"0.86,0.44,0.58"
"1.00,0.94,0.96"

CRIMSON

"0.86,0.08,0.24"

PINK
LIGHTPINK

"1.00,0.75,0.80"
"1.00,0.71,0.76"

38