Wireshark is probably my favorite networking tool. Its value in troubleshooting the most peculiar network issues cannot be overstated, as it allows the engineer to analyze virtually every bit to traverse the wire. However, not many people realize its functionality can be customized to suite its operator's preference or situation.

One of my favorite modifications is to add columns to the list pane, to provide quick access to statistics and packet attributes only otherwise available in the individual packet details. In addition to the default columns listing packet number, protocol, source and destination addresses, and so forth, Wireshark supports a plethora of other helpful details. Some of my favorites:

• 802.1Q VLAN ID
• Delta time (the time between captured packets)
• Frame relay DLCI
• DSCP/CoS
• Packet length

Consider the following capture of an OSPF adjacency being formed:

From the list view, it's not readily apparent which packets consume the most bandwidth. To add a packet length column, navigate to Edit > Preferences and select User Interface > Columns. Click New, and define the column's title. From the Format list, select Packet length (bytes). Use the up and down arrows to position the column in the list.

Click OK and the list view should now display each packet's length listed in the new column.