WEBVTT

00:00.240 --> 00:08.880
In this lecture, we are going to learn what all these columns mean and how to customize them.

00:08.970 --> 00:10.500
So let's get started.

00:10.770 --> 00:15.450
First column is No. and is short for number.

00:15.480 --> 00:17.010
Number column displays

00:17.020 --> 00:22.930
the packet's number. Each packet, as you can see, has a unique number.

00:23.250 --> 00:31.830
By default, Wireshark automatically assigns a number one to the first packet in the list, and then

00:31.830 --> 00:37.260
it increments it by one up to the last packet in the list.

00:37.560 --> 00:39.060
Then we have time.

00:39.180 --> 00:45.870
Time column displays the exact time when a packet was captured.

00:46.020 --> 00:51.660
As you can see, by default, Wireshark only displays time in microseconds.

00:51.810 --> 00:52.200
Right.

00:52.440 --> 01:02.220
So if you want to display time in a more presentable or a readable format like date and time, go to

01:02.220 --> 01:08.190
the View, click on time display format. From the first half,

01:08.430 --> 01:15.220
select time of the day. Again, go to the View, time display format. From bottom half,

01:15.240 --> 01:21.390
you can select seconds, milliseconds or microseconds, so whatever, you know, fits you.

01:21.570 --> 01:23.280
I'm going to select seconds.

01:23.490 --> 01:30.570
As you can see, guys, now we have a proper format for displaying the time, right?

01:30.930 --> 01:34.200
Next column that we have is source.

01:34.470 --> 01:39.210
So this column displays the IP address of sender.

01:39.300 --> 01:39.660
Right.

01:39.690 --> 01:48.420
Who has sent the packet. And destination column displays the IP address of a receiver or destination.

01:48.720 --> 01:51.900
Let me take an example of packet number five.

01:52.140 --> 02:01.560
So sender of the packet number five is this IP address 102.68 and the receiver is IP address, which

02:01.560 --> 02:05.880
is under the destination column 209.48.

02:05.910 --> 02:06.270
Right.

02:06.330 --> 02:09.090
Then we have protocol column.

02:09.150 --> 02:12.630
Protocol column displays the protocol type.

02:12.660 --> 02:19.370
As you can see, we have all types of traffic or protocol here, TCP, ICMP, right.

02:19.710 --> 02:28.590
Then we have length. Length column displays the length of each packet in bytes.

02:28.830 --> 02:34.080
So length of let's say packet number four is 86 bytes.

02:34.230 --> 02:41.690
Remember, guys, Wireshark does not include the FCS, frame check sequence.

02:41.850 --> 02:45.120
The size of FCS is four bytes.

02:45.570 --> 02:52.850
So whatever number you see in the last column, add plus four to it.

02:53.250 --> 03:00.200
So the actual size of packet number four is 86 plus four, which is 90.

03:00.240 --> 03:07.020
Now info column gives you a brief summary of packet's content.

03:07.140 --> 03:11.220
What content or payload each packet contains.

03:11.220 --> 03:11.640
Right?

03:12.030 --> 03:16.350
Now let's say you don't want the destination column.

03:16.500 --> 03:18.310
You want to remove it.

03:18.330 --> 03:21.570
All you have to do right click on any column.

03:21.780 --> 03:23.770
Now click on destination.

03:23.790 --> 03:30.270
As you can see, the destination column has been removed. To get it back again,

03:30.300 --> 03:35.820
right click on any column and you select destination, and it is back.

03:36.120 --> 03:39.480
Now let's customize these columns.

03:40.170 --> 03:45.420
We can, you know, add our own columns to this list.

03:45.990 --> 03:52.380
I want to add MAC address of sender and receiver as well.

03:52.500 --> 03:52.950
Okay.

03:53.220 --> 03:55.080
It is actually easy. Right

03:55.080 --> 04:04.830
click on any column, click on column preferences, or you can go to the Edit, Preferences and click on

04:04.860 --> 04:06.660
columns. Right here,

04:06.720 --> 04:10.200
we can modify and add new columns.

04:10.950 --> 04:13.110
Let's add a new column.

04:13.260 --> 04:16.100
Click on plus button at the bottom.

04:16.110 --> 04:19.260
As you can see, a new column has been added.

04:19.500 --> 04:21.060
Now double click on the title.

04:21.060 --> 04:23.400
I'm going to give it to Source

04:23.790 --> 04:28.770
MAC. Press Enter. Now double click on the number.

04:29.010 --> 04:34.650
As you can see, it has brought this dropdown or down arrow, click on it.

04:34.860 --> 04:40.530
Now you can select, you know, whatever field you want from this list.

04:40.620 --> 04:44.280
For now, I want the MAC address of sender.

04:44.610 --> 04:45.660
So here it is.

04:45.810 --> 04:48.600
Hardware source address. Again,

04:48.720 --> 04:50.580
let me add another field.

04:50.850 --> 04:54.060
Click on plus, double click on title.

04:54.390 --> 04:57.660
Destination MAC. Press

04:57.660 --> 04:59.730
Enter, double click on a number of

05:00.200 --> 05:00.980
Drop down.

05:01.610 --> 05:04.090
This is the hardware or destination address.

05:04.160 --> 05:05.420
I'm going to select it.

05:05.840 --> 05:06.720
And this way, guys,

05:06.740 --> 05:10.820
you can add as many fields as you like.

05:11.270 --> 05:13.970
Now click on okay to apply changes.

05:14.270 --> 05:14.540
Okay.

05:14.540 --> 05:18.590
It is going to take a few seconds to, you know, apply changes.

05:18.770 --> 05:20.510
Columns have been added.

05:20.630 --> 05:22.280
Now let me scroll.

05:23.390 --> 05:23.740
Okay.

05:23.750 --> 05:27.980
I'm going to resize the info column.

05:28.400 --> 05:35.450
Now, as you can see, guys, we have source and destination MAC address fields as well.

05:35.630 --> 05:36.140
Right.

05:36.410 --> 05:41.320
And in order to remove, let me go to the column preferences.

05:41.330 --> 05:48.470
All you have to do, let's say you want to remove destination, then click on the field that you want

05:48.530 --> 05:49.510
to remove.

05:49.520 --> 05:52.810
Then click on minus button. Again,

05:52.820 --> 05:57.020
I'm going to remove this source MAC field as well.

05:57.380 --> 05:58.440
Click on minus.

05:58.490 --> 05:59.420
Click on okay

05:59.420 --> 06:00.440
to apply changes.

06:00.440 --> 06:05.090
As you can see, both the fields have been removed, right?

06:05.210 --> 06:10.580
Now, another way to add columns or fields is very simple.

06:10.850 --> 06:17.660
So let me pull up the packet details section and expand the DHCP header values.

06:17.840 --> 06:20.870
Now let's say you want to add source port.

06:20.990 --> 06:26.180
All you have to do right click on it and then click on apply as column.

06:26.300 --> 06:31.370
As you can see, the source port field has been added, right?

06:31.370 --> 06:35.870
In the same way you can add any columns that you want.

06:35.930 --> 06:36.190
Right.

06:36.200 --> 06:37.790
It is as easy as that.

06:37.850 --> 06:40.820
Right click and then click on apply as column.

06:40.970 --> 06:44.780
Now we have the destination port field as well.

06:45.020 --> 06:53.540
So guys, in this way, you can add any field from the protocols in the packet details section.

06:53.690 --> 06:54.060
Right.
