Customize Wireshark Column Display


Introduction

In this challenge, you'll learn to customize the Wireshark column display to quickly identify potential threats. Specifically, you'll configure Wireshark to add a "Source IP" column to the Packet List Pane, displaying the ip.src field for immediate threat assessment during a potential HTTP attack.

The process involves opening Wireshark, accessing Column Preferences by right-clicking a column header, adding a new column titled "Source IP" with the field name ip.src, and verifying that the new column correctly displays the source IP addresses of captured packets. This allows for rapid identification of attacking IP addresses.



Customize Wireshark Column Display

A critical server is under a potential HTTP attack. Quickly configure Wireshark to display source IPs for immediate threat assessment.

Tasks

  • Add a "Source IP" column to the Packet List Pane showing the ip.src field.
  • Hide the original "Source" column.

Requirements

  1. Open Wireshark.
  2. Right-click on any existing column header in the Packet List Pane.
  3. Select Column Preferences.
  4. Add a new column with the title Source IP and the field name ip.src.
  5. Hide the original "Source" column.
  6. Ensure the new column displays the source IP addresses of the captured packets.

Examples

After completing the challenge, the Wireshark Packet List Pane should display a new column labeled "Source IP" showing the IP addresses from which the packets originated. For example:

Source IP column

No.  Time      Source IP      Destination    Protocol  Length  Info
1    0.000000  192.168.1.100  8.8.8.8        DNS       78      Standard query A google.com
2    0.001000  8.8.8.8        192.168.1.100  DNS       94      Standard query response A 142.250.184.142
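
With the column in place, the Packet List can be exported (File > Export Packet Dissections > As CSV) and the HTTP requests tallied per source address. The script below is an added example, not part of the original challenge; the sample rows, addresses, and function names are constructed for illustration.

```python
import csv
import io
from collections import Counter

HTTP_METHODS = ("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH")

# Constructed sample of a Packet List CSV export taken after adding the
# "Source IP" column and hiding "Source". Addresses are documentation ranges.
SAMPLE_CSV = """\
"No.","Time","Source IP","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.100","8.8.8.8","DNS","78","Standard query A google.com"
"2","0.000500","","Broadcast","ARP","42","Who has 10.0.0.10? Tell 10.0.0.1"
"3","0.001000","203.0.113.5","10.0.0.10","HTTP","420","GET /login HTTP/1.1"
"4","0.001900","10.0.0.10","203.0.113.5","HTTP","310","HTTP/1.1 200 OK  (text/html)"
"5","0.002400","203.0.113.5","10.0.0.10","HTTP","512","POST /login HTTP/1.1"
"6","0.003100","203.0.113.5","10.0.0.10","HTTP","401","GET /admin HTTP/1.1"
"7","0.004000","198.51.100.7","10.0.0.10","HTTP","398","GET /index.html HTTP/1.1"
"""

def requests_by_source(csv_text, column="Source IP"):
    """Count HTTP requests per source address in an exported Packet List."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise ValueError(f'no "{column}" column in export; add it before exporting')
    counts = Counter()
    for row in reader:
        src = (row[column] or "").strip()
        # ip.src is an IPv4 field: ARP and IPv6 packets leave the cell empty.
        if not src or row.get("Protocol") != "HTTP":
            continue
        # Requests start with a method; responses start with "HTTP/1.1 ...".
        if (row.get("Info") or "").split(" ", 1)[0] in HTTP_METHODS:
            counts[src] += 1
    return counts

def top_sources(counts, min_share=0.5):
    """Return (ip, requests, share) for sources at or above min_share of requests."""
    total = sum(counts.values())
    return [(ip, n, n / total) for ip, n in counts.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for ip, n, share in top_sources(requests_by_source(SAMPLE_CSV)):
        print(f"{ip}\t{n} requests\t{share:.0%} of HTTP requests")
```

Rows with an empty "Source IP" cell are skipped rather than counted, because the ip.src field only exists on IPv4 packets.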

Hints

  • Right-clicking on a column header provides access to column preferences.
  • In the Column Preferences window, use the "+" button to add a new column.
  • The "Field type" should be set to "Custom".
  • The "Field name" is case-sensitive.

Summary

In this challenge, the objective is to customize the Wireshark column display to aid in identifying potential HTTP attacks by quickly displaying source IP addresses. This involves opening Wireshark, accessing the Column Preferences by right-clicking on a column header, and adding a new column titled "Source IP" with the field name ip.src.

The key learning point is how to customize Wireshark's interface to display specific packet information, in this case, the source IP address, which is crucial for threat assessment. This customization allows for efficient analysis of network traffic by highlighting relevant data directly in the Packet List Pane.