Wireshark Custom Columns

Posted on by

To effectively troubleshoot network traffic you must extract from the trace files key information points. To extract and view this information you must customize your protocol analyzer to present this custom view of the information. One of the most widely used protocol analyzers is the free tool called WireShark and by default this tool provides a very limited view into your trace files. Since this is the tool I personally use I will show you how I’ve customized it to provide the data I need.

Wireshark manages the custom views as different profiles. In the lower right corner you can see what the current view is set to.

*Note: When you change profiles it will have to reload the packets you are analyzing. This could take some time for large packet captures.

As you can tell the information here is very limited. Below is a custom profile I created and use most often.

Depending on what you are troubleshooting will decide which columns you need to view. That is why it is critical that you know how to customize this view and rapidly change between views.

 

Step 1.
Enter into your Wireshark preferences (Edit->Preferences) and select Columns from the left panel.
Step 2.
Select and organize the columns you would like to view and click Apply
Notice you do not have a “Move Up” or “Move Down” button to organize the order. You only need to click on the column you want to move and drag it to the new location.
*NOTE: This will make the changes to the currently viewed profile.

You’re done with the custom columns.
In my next blog I will show how to manage your custom profiles.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>