While analyzing a packet capture, you may observe a colored circle in the lower left-hand corner of the interface. That is the expert system, which is a feature built within Wireshark that helps to alert the network administrator of possible issues once a capture has been made.

As shown in the bigFlows using coloring rules screenshot (shown in the Exploring the Intelligent Scrollbar section), the expert system shows a red circle, which indicates an error; this is the highest expert information level. If you double-click on the circle, it will open a console, as shown in the following screenshot:

This may take a few minutes to load, depending on the size of the capture. In addition, there may be a lot of information.

The Expert Information console is a GUI that allows you to see details of what Wireshark identified in the capture, so you can investigate further. The interface is intuitive, with column headers, selection checkboxes, and drop-down lists so you can customize your viewing.

Now, let's take a look at each column header in the following section.