To see the details of your capture, there are a few enhancements that include the ability to zoom in, expand the subtrees, and colorize the conversation:

• Zoom: This allows you to zoom in, zoom out, or return to normal size.
• Subtrees: Within a packet capture, Wireshark will collapse the details of a protocol header. When you expand the subtree, you can see the details of the protocol. With the subtrees, you can do the following:
  • Expand subtrees
  • Collapse subtrees
  • Expand all
  • Collapse all

As shown in the following screenshot, the expanded UDP subtree provides a detailed view of all of the field values in the UDP header:

• Colorize Packet List: This is a shortcut to turn on or off the coloring rules. This shortcut is also available on the main toolbar (under the Telephony menu).
• Coloring Rules: This opens a dialog box where you can modify the coloring rules or create a new coloring rule.
• Colorize Conversation: This will colorize a conversation between two endpoints. You will have a choice as to what you would like to colorize—that is, Ethernet, IPv4, or UDP—along with providing a choice of colors from which you can select, as shown in the following screenshot:

The last grouping of menu choices provides ways to refresh the view to reload, resize, show the packet in a new window, or view the internals.