Technical notes › Customise Wireshark’s font, theme, and columns

I find the default Wireshark interface hard-to-read. The interface doesn’t fit the data, and the columns all just blend together for me. So, I like to make a couple of changes.

I wrote about these changes in Waltzing with Wireshark, but that post pre-dates these technical notes, and they’re worth repeating here. Here is what my Wireshark looks like:

• Because we’re dealing with wide tables of text, I recommend changing the font to one that takes up less horizontal space. A thinner font such as Iosevka lets Wireshark pack more data in, so you don’t have to scroll as much.
• The Time column can be made slimmer by setting the menu option View → Time Display Format → Millisecond. Timestamps with three decimal places are still accurate enough for almost anything.
• By right-clicking the column headings of the table, you can right-align or centre-align their data. I find that changing this setting for certain columns makes the table more readable by spacing the data out, and lets you more easily tell which piece of data is which. (And timestamps should be right-aligned anyway, because they’re numeric.)

Finally, in the Layout section of Wireshark’s settings, you can put the two panes of data at the bottom — the packet tree and the hexadecimal data — side-by-side, so they take up less space.∎