In Wireshark, you can do more than simply expand or shrink the column headers while in the interface. This section explains some ways to improve the way you visualize columns.

To customize your columns, go to Edit, then Preferences, and then Columns, as shown in the following screenshot:

Once selected, you will see a list of columns. Some are present by default, and some are columns you may have added. You can select the checkbox to make the column visible or deselect the checkbox to hide the column. In addition, you can add or remove columns.

Along the top of the dialog box, you will see the following selections:

• Displayed: When checked, this column will be displayed on the interface.
• Title: This is the name of the column header. Wireshark will automatically create a name if you right-click and add a column. However, you can change the title name to personalize the column header.

• Type: This lists the type of value that is in the column. Within the drop-down menu, there are many pre-loaded column types, as shown in the following screenshot, where I have dropped down the type selection for the Info column header:

• Fields: This identifies the field where the column value originated from. In the preceding screenshot, there is a column header called Packet Comments (pkt_comment). That is because that column header was generated by right-clicking on a packet comment and selecting Apply a Column. Wireshark identifies that column header as the pkt_comment field value.

• Field Occurrence: This only used on a custom column definition. In the Wireshark Preferences dialog box—Columns screenshot, you can see there are values of 1 and 2 in the Field Occurrence column. When selected, the column headers will appear in this order:
  
  • IP Main ICMP will appear first.
  • IP Nested ICMP will appear second.

To add a column, select the plus sign. Identify the name by typing in an appropriate label where it says New Column, and then identify the type by using the drop-down menu and selecting a type. You can also remove columns by selecting the column you don't want and hitting the minus sign.

In addition, once in the interface, you can align the columns by right-clicking and selecting the way you want your columns to align: either left, center, or right as shown here:

Most other column headers are fairly straightforward in how they are used. However, one you may not be familiar with or use very often is Field Occurrence. Therefore, let's walk through how and why you would use a Field occurrence column header.