Get plugged in for fast training on network troubleshooting and security. The All Access Pass online training system provides a range of troubleshooting, analysis and security courses on-demand.
Hiding Columns in Wireshark 1.4
This week we had over 800 people register for the free Wireshark 101 Jumpstart
During the webinar I focused on some of the cool new features of Wireshark
version 1.4.0. One of my favorite new features - Apply As Column - has even
gotten better than it was in the release candidate versions!
At Sharfest 2010, I was showing the new Apply As feature to the audience. Gerald
Combs, creator of Wireshark, was in that audience.
Simply right click on a field in a packet and choose Apply As to add that field as a
column in the Packet List pane. My favorite fields to add are:
During that presentation I mentioned how fabulous it would be if I could
temporarily hide one of the new columns then quickly enable it again later.
Voila! It's in Wireshark v1.4.0!
Try it Yourself
Download and extract all the book supplements (available online at
In Wireshark version 1.4.0, open the trace file called http-download-bad.pcap. This trace file contains the traffic of someone connecting to a web server and downloading a file. The performance stinks.
Expand the TCP header in packet #1 and right-click on the Window Size field (near the end of the TCP header). Select Apply As Column. Your new Window Size column appears in the Packet List pane.
Right click on the new Window Size column and select Rename Column Title... - change the name to WinSize.
Now click the new WinSize column twice to see the Window Size field values lowest to highest - do you see the "Window Zero" condition in the trace file? What is the IP address of the host that states it has no receive buffer space (indicated by a Window Size of 0)? Yup - that would be the problem with the file download process!
Let's say you don't always want to see that column though. Simply right click on the WinSize
column heading and select Hide Column. When you want to see it again, just right click on
any column heading and select Displayed Columns. Sweet!
Thanks Gerald and the Wireshark development team! This is a great addition!
Sign up for the newsletter to receive blog and schedule update information.