Viewing the column headers

Across the top of the Expert Information interface, you will see the following column headers:

Note: Duplicate acknowledgment

The following bullets outline what each column header indicates:

  • Severity: Indicates the severity of the error identified. In the preceding screenshot, the severity is listed as Note.
  • Summary: Provides a summary of the error and combines all the errors that are the same under one drop-down summary. For example, in the preceding screenshot, the summary is Duplicate ACK (#1). Once you expand the line, you can drill down into the individual packets to see more details on each error listed.
  • Group: Within each summary, there are several common groupings, including these:
    • Checksum: Invalid checksum
    • Protocol: A violation of the Request for Comments (RFC) for a particular protocol
    • Sequence: Suspicious protocol behavior
  • Protocol: Lists the main protocol that was in use that caused the alert, such as TCP, as shown in the preceding screenshot.
  • Count: Provides a count of the number of references for the particular event grouping. For example, on the top right-hand side of the Expert information grouped by severity screenshot, there is a count of 36104 for Duplicate ACK.

As shown, the column headers highlight details of what the packet contains. Within the expert system, Wireshark outlines the level of severity by using color, as we'll see in the following section.
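To make the grouping behind the Summary and Count columns concrete, the following added example (not from the book or from Wireshark itself) collapses per-packet expert records into rows shaped like the dialog. The tab-separated input layout, the function names, and the sample records are assumptions constructed for illustration; the severity names are Wireshark's Chat, Note, Warning, and Error levels.

```python
from collections import defaultdict

# Wireshark expert severities, lowest to highest.
SEVERITY_ORDER = ["Chat", "Note", "Warning", "Error"]

# Constructed sample: one record per flagged packet, tab-separated as
# frame number, severity, group, protocol, expert message.
SAMPLE = (
    "12\tNote\tSequence\tTCP\tDuplicate ACK (#1)\n"
    "15\tNote\tSequence\tTCP\tDuplicate ACK (#1)\n"
    "16\tNote\tSequence\tTCP\tDuplicate ACK (#2)\n"
    "20\tError\tChecksum\tIPv4\tInvalid checksum\n"
    "31\tWarning\tSequence\tTCP\tSuspicious protocol behavior\n"
    "this line is malformed and is skipped\n"
    "44\tNote\tSequence\tTCP\tDuplicate ACK (#1)\n"
)

def parse_records(text):
    """Yield (frame, severity, group, protocol, summary); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        if parts[1] not in SEVERITY_ORDER:
            continue
        yield (int(parts[0]), parts[1], parts[2], parts[3], parts[4])

def group_expert_info(records):
    """Collapse identical events into one row each, highest severity first."""
    frames = defaultdict(list)
    for frame, severity, group, protocol, summary in records:
        # Events with the same message text share one expandable summary row.
        frames[(severity, summary, group, protocol)].append(frame)
    rows = [
        {"severity": key[0], "summary": key[1], "group": key[2],
         "protocol": key[3], "count": len(hits), "frames": sorted(hits)}
        for key, hits in frames.items()
    ]
    # Most severe first, then the noisiest event within each severity.
    rows.sort(key=lambda r: (-SEVERITY_ORDER.index(r["severity"]),
                             -r["count"], r["summary"]))
    return rows

if __name__ == "__main__":
    for r in group_expert_info(parse_records(SAMPLE)):
        print(f'{r["severity"]:<9}{r["summary"]:<30}{r["group"]:<10}'
              f'{r["protocol"]:<6}{r["count"]:>3}  frames={r["frames"]}')
```

The `frames` list on each row plays the role of expanding a summary line in the dialog to reach the individual packets.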
