• Preferences
• NameResolution

Preferences/Name Resolution

Enable MAC name resolution:

Resolve the OUI portions of MAC addresses (the first three bytes) to names.

• Example: "02:A0:C9:05:04:03" to "Intel_05:04:03"

Enable network name resolution:

Resolve IP addresses to computer names.

• Example: "10.5.6.7" to "mail-07.example.com"

See the Enable concurrent DNS name resolution entry below for more information.

Enable transport name resolution:

Convert port names to protocol names.

• Example: "25" to "smtp"

Enable concurrent DNS name resolution:

Enable the program to send multiple requests to a DNS server to resolve IP or network names. If this option is disabled, only one host name can be resolved at any given time.

There is a potential performance vs functionality tradeoff with this feature. Concurrent DNS resolution is usually much faster than normal resolution. However, non-DNS forms of host name resolution (such as WINS or NIS) will not be used if this option is enabled.

Maximum concurrent requests:

The maximum number of open requests that the program can have with the DNS server.

Add Arbitrary Labels to src / dst IPs in a trace:

If you don't have a brain the size of a planet and sometimes get a little confused when looking at loads of different traces in a day (“what was 172.16.29.145 again?”) you might find this useful…

• Create a file called hosts in your %USERPROFILE%\Application Data\Wireshark\ directory. (i.e. NOT in the standard place for the Windows hosts file).

• Add the relevant hosts for the TCPDUMP file you are looking at:

e.g.

1.1.1.1  WWW1
1.1.1.4  WWW2
2.2.2.2  PROXY
3.3.3.3  CLIENT1
4.4.4.4  VIP1
5.5.5.5  WWW2
6.6.6.6  DNS1

…and so on…

• Make sure you enable "network layer" name resolution, save preferences and then reload the trace. All of the names are now visible in all the panes.

Makes life a lot easier!