As shown at Atmosphere 19' Las Vegas, adding custom columns in Wireshark for anything you analyze on a regular basis makes it much more efficient to browse through a large sniffer trace file when analyzing WiFi frames. The following are 3 possible options to add custom columns.
Option 1: Add several custom columns at a time by editing the "preferences" file
The custom column list below can be added to your Wireshark's "preferences" file located in the profiles folder. The column configuration section in the “preferences” file is found under “gui.column.format”.
(Note: These custom column filters were based on using Wireshark version 2.6.3)
"
####### User Interface: Columns ########
# Packet list hidden columns
# List all columns to hide in the packet list.
gui.column.hidden:
# Packet list column format
# Each pair of strings consists of a column title and its format
gui.column.format:
    "No.", "%m",
    "Time", "%t",
    "Source", "%s",
    "Destination", "%d",
    "TA", "%Cus:wlan.ta:0:R",
    "RA", "%Cus:wlan.ra:0:R",
    "Channel", "%Cus:wlan_radio.channel:0:R",
    "CH Bandwith", "%Cus:wlan_radio.11n.bandwidth:0:R",
    "RSSI", "%e",
    "TX DataRate", "%x",
    "Protocol", "%p",
    "Length", "%L",
    "Info", "%i",
    "SSID", "%Cus:wlan.ssid:0:R",
    "Duration", "%Cus:wlan.duration:0:R",
    "WMM", "%Cus:wlan.qos.priority:0:R",
    "BA Action Code", "%Cus:wlan.fixed.action_code:0:R",
    ".11 Seq#", "%Cus:wlan.seq:0:R",
    "BAR StrtSq#", "%Cus:wlan.fixed.ssc.sequence:0:R",
    "QoS TID", "%Cus:wlan.qos.tid:0:R",
    "BA TID", "%Cus:wlan.ba.basic.tidinfo:0:R",
    "BA Bitmap", "%Cus:wlan.ba.bm:0:R",
    ".11 Status Code", "%Cus:wlan.fixed.status_code:0:R",
    "VHT Action", "%Cus:wlan.vht.action:0:R",
    "Auth Key Management (AKM) Suite", "%Cus:wlan.rsn.akms:0:R",
    "RM ActionCode", "%Cus:wlan.rm.action_code:0:R",
    "PWR MGT", "%Cus:wlan.fc.pwrmgt:0:R",
    "Retry", "%Cus:wlan.fc.retry:0:R"
"
Possible preference file locations on different OS:
Windows OS:
<Drive letter>:\Users\<Logged in User Name>\AppData\Roaming\Wireshark\profiles\<Your Current Profile Name>
MacOS:
/Users/<Logged in User Name>/.wireshark
or if using a profile that is not "Default"
/Users/<Logged in User Name>/.wireshark/profiles
Other OS and possible locations:
https://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html
These column settings are saved permanently and are used each time Wireshark is started.
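Before restarting Wireshark with a hand-edited file, the gui.column.format entry can be checked with a short script. The Python below is an added example, not part of the original article or of Wireshark: it reads the entry (continuation lines must start with whitespace), pairs titles with formats, and returns the custom fields plus any malformed format strings. SAMPLE_PREFS is constructed, and the single-field %Cus pattern and the loose built-in check are assumptions.

```python
import csv
import re

# Constructed sample: a shortened gui.column.format entry using columns from the list above.
SAMPLE_PREFS = '''\
# Packet list column format
gui.column.hidden:
gui.column.format:
    "No.", "%m",
    "TA", "%Cus:wlan.ta:0:R",
    "RSSI", "%e",
    "Retry", "%Cus:wlan.fc.retry:0:R"
gui.layout_type: 3
'''

# %Cus:<field>:<occurrence>:<R|U>; a single field name per column is assumed here.
CUSTOM = re.compile(r"^%Cus:([A-Za-z0-9_.\-]+):(\d+):([RU])$")
BUILTIN = re.compile(r"^%[A-Za-z]+$")  # loose syntactic check only, e.g. %m, %t, %e

def read_columns(prefs_text):
    """Return [(title, format), ...] from the gui.column.format entry."""
    parts, collecting = [], False
    for line in prefs_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace():  # an indented line continues the previous entry
            if collecting:
                parts.append(line.strip())
            continue
        name, _, rest = line.partition(":")
        collecting = name == "gui.column.format"
        if collecting and rest.strip():
            parts.append(rest.strip())
    items = next(csv.reader([" ".join(parts)], skipinitialspace=True), [])
    if len(items) % 2:
        raise ValueError("column title without a format string")
    return list(zip(items[0::2], items[1::2]))

def check_columns(columns):
    """Split columns into custom display-filter fields and malformed entries."""
    fields, bad = [], []
    for title, fmt in columns:
        match = CUSTOM.match(fmt)
        if match:
            fields.append(match.group(1))
        elif not BUILTIN.match(fmt):
            bad.append((title, fmt))
    return fields, bad
```

The returned field names can then be compared against the display filter reference at https://www.wireshark.org/docs/dfref/ for the Wireshark version in use.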
Option 2: Add a new column to Wireshark’s Packet List pane by editing Preferences in the UI.
Option 3: Add a new custom column within Wireshark's Packet Details Frame
For your reference:
The basics and the syntax of Wireshark's display filters are described in their User's Guide.
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
The master list of Wireshark's display filter protocol fields can be found in the following url:
https://www.wireshark.org/docs/dfref/
In case it helps, most WLAN/Radio/EAPOL filters from this Wireshark list have been cut-and-pasted into the attached XLSX file.