By now, you can see how easy it is to make minor changes in Wireshark to fit your workflow. In this chapter, we examined the many ways to customize the Wireshark interface. We covered how to modify choices such as recent filters and folders, along with personalizing the layout and general appearance. We learned about how easy it is to create personalized configuration profiles to include preferences, coloring rules, and font styles.

Furthermore, we discovered how to adjust columns and column headers, and how to add or remove columns. We learned about how to fine-tune the font to make packets easier to read. We also reviewed how we can change the default colors for the various identifiers, such as the text color for marked packets and the default colors for the client and server when you right-click on a packet and select Follow the Stream.

We illustrated the ability to add comments to a single packet or to the entire capture, as well as how to communicate issues to team members observed in either a single packet or the entire capture. We then learned about how to create a complex filter expression, and then create a filter button on the toolbar for commonly used filters in Wireshark to manage the workflow. Finally, we saw how to create a filter button to help manage our workflow.

In the next chapter, we will take a closer look at using display and capture filters, as well as learn about some tricks and specific rules for using display filters. We will then learn about using capture filters, including using default capture filters and how you can build your own. Finally, we will learn about how to use shortcuts to create filters and review some commonly used filters.