Wireshark Hints: Multi-column

Wireshark comes with powerful and flexible columns features. We can add any number of columns, sort them and so on. I’m pretty sure any analyst has his own set of profiles with different columns.

The easiest way to add a column is the next: select a packet of interest, find the field you wanna build column of, right click -> “Apply as column”

And we’ll get needed column:

Nice and handy feature!

Now let’s proceed to the hint.

Read more…

Wireshark Hints: be aware of your current config!

After upgrading Wireshark to version 2.4.0rc1 today I suddenly realized that PCAP files began to open very slowly. No, not just very slowly, but waaaay too sloooow:

12 MB file was opened in 45 seconds! 143 MB file was opened in 5 minutes and Wireshark took more than 2,5 Gigs of RAM.

“Hmmm, what could be the problem”, I thought…
Read more…