Michael Meade

Comment Column on Wireshark.

by

Michael Meade
in ,
The word wireshark written in black and with a line with a shark fin above the word.
The Wireshark Logo

Adding column to Wireshark.

In this tutorial, I will explain how to add a new column to Wireshark that displays comments. I have found this to be helpful at work when looking at a packet capture that has a lot of IPs, and I need to determine information about them in a quick manner.

The first step is to click the “Edit” button at the top of the program, as seen in the red box below.

The banner of Wireshark showing a red box on the Edit tab,
The Edit tab in the Wireshark menu.

After clicking edit, a drop down menu will show, now click “Preferences“.

Showing the Edit button options.
The Edit button drop down options.

Now, you need to click the “Columns” dropdown and then click the plus sign at the bottom left of the screen.

A red box over the Columns tab.
The preference of Edit button, where it shows the creation of a custom column

Pick and type in the name of the new column. In this case, we choose ‘Comments’ After typing in the new name for the column, click where the green box is below. This will open a new dropdown menu.

A green box over the time tab which shows how to change the tab on Wireshark.
The creation of a custom column that will let us edit comments fields.

Scroll and find the “Custom” entry.

The Custom Menu showing that I can add a comment.
Renaming the custom column to the word comments

Now that the new column is named and has the type, we need to type, “frame.comment” in the “Fields” column.

A red box over the frame.comment tab.
Adding frame.comments to the fields column

Now click “apply” and then “ok“. This will save the new column.

Showing the new columns named comments

Adding the new column.

After the box closes you should see a new column on the top of the screen as seen in the image above.

Showing a red box in the new column named Comments.
Showing how to add a new comment to the newly created comments fields.

Testing the new column.

Now to add a comment to a packet, “right” click you mouse on the entry you want to comment. A drop down menu will show, you should click “Packet Comments” and then click “Add new Comment..“.

Adding an example of a comment on a certain packet.
Adding the text to the column

A box like the image above will appear. This is where you should write your comment about this certain packet. I usually comment on where the IP is hosted. After you are done adding a comment, click the ‘OK‘ button to save the comment.

Showing the newly created comment for a certain request
Showing the end results of the entered comments.

The black line shows the comment made in the last step.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *