After installing Wireshark the following columns are present in the Packet List pane:
No., Time, Source, Destination, Protocol and Info.
You might want to add some columns that are useful for analysis purposes.
In this article I will show you how to add, customize and display/hide columns.
Some of the options are only available in the Development release.
You can download the latest Development Release, Wireshark version 1.5.1, here.
Continue reading to learn all about it.
You can use protocol fields in the Packet Details pane to create new columns in the Packet List.
In this example I have expanded the subtree Hypertext Transfer Protocol and have selected:
You can see the selected protocol field in the status bar: http.host
The next step is to right-click "Host: ask.wireshark.org\r\n" and select "Apply as Column" from the context menu.
The next screenshot shows you the new column "Host" in the Packet List.
In the following example I will add another column to the Packet List and will customize this column.
Select a packet in the Packet List pane that contains the TCP protocol.
Expand Transmission Control Protocol in the Packet Details pane.
Select "Source port: ....".
Right-click and select "Apply as Column" to add the column "Source Port" to the Packet List.
Next right-click the column "Source Port" in the Packet List column header.
Select "Edit Column Details…".
Change the Title "Source Port" to "TCP Port".
Change the Field name "tcp.srcport" to "tcp.port".
As you can see in the following screenshot the TCP source and TCP destination port show up in the same column.
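The two column changes above ("Apply as Column", then "Edit Column Details…") can also be expressed as edits to the `gui.column.format` entry in a Wireshark profile's `preferences` file. This is an added example, not part of the original article: the `%Cus:field:occurrence:R` syntax is assumed from recent Wireshark releases and may differ in 1.5.1, and the function names and sample preference text are constructed for illustration.

```python
import csv
import io

# Constructed sample input; %Cus syntax assumed from recent Wireshark releases.
SAMPLE_PREF = '''gui.column.format:
    "No.", "%m", "Time", "%t", "Source", "%s",
    "Destination", "%d", "Protocol", "%p", "Info", "%i"
'''

def parse_columns(pref_text):
    """Return [(title, format), ...] from a gui.column.format entry."""
    key, _, value = pref_text.partition(":")
    if key.strip() != "gui.column.format":
        raise ValueError("not a gui.column.format entry")
    flat = " ".join(line.strip() for line in value.splitlines()).strip()
    items = next(csv.reader(io.StringIO(flat), skipinitialspace=True))
    if len(items) % 2:
        raise ValueError("column title without a format")
    return list(zip(items[0::2], items[1::2]))

def custom(field, occurrence=0, resolved=True):
    """Custom-column format; occurrence 0 means 'show every occurrence'."""
    return "%Cus:{}:{}:{}".format(field, occurrence, "R" if resolved else "U")

def apply_as_column(cols, title, field):
    """Mirror of "Apply as Column": append the field unless already present."""
    entry = (title, custom(field))
    return cols if entry in cols else cols + [entry]

def edit_column(cols, old_title, new_title, new_field):
    """Mirror of "Edit Column Details": change title and field name in place."""
    if old_title not in [t for t, _ in cols]:
        raise KeyError(old_title)
    return [(new_title, custom(new_field)) if t == old_title else (t, f)
            for t, f in cols]

def render(cols):
    """Serialize back to the preference text."""
    return "gui.column.format:\n" + ",\n".join(
        '\t"{}", "{}"'.format(t, f) for t, f in cols) + "\n"

def build_article_columns():
    cols = parse_columns(SAMPLE_PREF)
    cols = apply_as_column(cols, "Host", "http.host")
    cols = apply_as_column(cols, "Source Port", "tcp.srcport")
    return edit_column(cols, "Source Port", "TCP Port", "tcp.port")

if __name__ == "__main__":
    print(render(build_article_columns()))
```

Because `tcp.port` matches both the source and the destination port of a segment, an occurrence value of 0 is what puts both ports in the one "TCP Port" column.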
Display or Hide Columns
Right-click a column in the Packet List column header.
Go to "Displayed Columns".
Select the column you want to hide.
Note that the check mark has disappeared in the context menu.
The column is not visible in the Packet List anymore.
You can repeat those steps to display a column again.
You can also select "Display All" to display all hidden columns at once.
If you definitely want to get rid of a column, you can select "Remove Column".
Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.
What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.