Enable MAC name resolution:
Resolve the OUI portions of MAC addresses (the first three bytes) to names.
- Example: "02:A0:C9:05:04:03" to "Intel_05:04:03"
Enable network name resolution:
Resolve IP addresses to computer names.
- Example: "10.5.6.7" to "mail-07.example.com"
See the Enable concurrent DNS name resolution entry below for more information.
Enable transport name resolution:
Convert port numbers to protocol names.
- Example: "25" to "smtp"
Enable concurrent DNS name resolution:
Enable the program to send multiple requests to a DNS server to resolve IP or network names. If this option is disabled, only one host name can be resolved at any given time.
There is a potential performance vs functionality tradeoff with this feature. Concurrent DNS resolution is usually much faster than normal resolution. However, non-DNS forms of host name resolution (such as WINS or NIS) will not be used if this option is enabled.
Maximum concurrent requests:
The maximum number of open requests that the program can have with the DNS server.
Add Arbitrary Labels to src / dst IPs in a trace:
If you don't have a brain the size of a planet and sometimes get a little confused when looking at loads of different traces in a day (“what was 172.16.29.145 again?”) you might find this useful…
- Create a file called hosts in your %USERPROFILE%\Application Data\Wireshark\ directory (i.e. NOT in the standard place for the Windows hosts file).
- Add the relevant hosts for the TCPDUMP file you are looking at:
  126.96.36.199 WWW1
  188.8.131.52 WWW2
  184.108.40.206 PROXY
  220.127.116.11 CLIENT1
  18.104.22.168 VIP1
  22.214.171.124 WWW2
  126.96.36.199 DNS1
…and so on…
- Make sure you enable "network layer" name resolution, save preferences and then reload the trace. All of the names are now visible in all the panes.
Makes life a lot easier!
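A label file like the one above is easy to get wrong when it is edited by hand for each trace. The following is an added example, not part of the original page or of Wireshark: a small checker for a hosts-format label file that flags invalid addresses, an address listed twice, and a label reused for a second address. The function names and sample addresses are constructed for illustration, and keeping the first label for a repeated address is this example's choice, not a statement about how Wireshark resolves duplicates.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (documentation address ranges, not the page's values).
SAMPLE_HOSTS = """\
# labels for one capture
192.0.2.10    WWW1
192.0.2.11    WWW2
198.51.100.5  PROXY   # inline comment
203.0.113.7   CLIENT1
192.0.2.12    WWW2
not-an-ip     DNS1
192.0.2.10    WWW1-OLD
2001:db8::53  DNS1
"""

def parse_labels(text):
    """Return (ip_to_label, problems) for hosts-format text."""
    ip_to_label, problems = {}, []
    label_to_ips = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 2:
            problems.append((lineno, "address without a label"))
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            problems.append((lineno, f"invalid address {fields[0]!r}"))
            continue
        if ip in ip_to_label:  # this example keeps the first label it saw
            problems.append((lineno, f"{ip} already labelled {ip_to_label[ip]}"))
            continue
        ip_to_label[ip] = fields[1]
        label_to_ips[fields[1]].add(ip)
        if len(label_to_ips[fields[1]]) > 1:
            problems.append((lineno, f"label {fields[1]} reused for {ip}"))
    return ip_to_label, problems

def annotate(addresses, ip_to_label):
    """Map each address to its label, or leave it as-is when unlabelled."""
    return [ip_to_label.get(str(ipaddress.ip_address(a)), a) for a in addresses]

if __name__ == "__main__":
    labels, problems = parse_labels(SAMPLE_HOSTS)
    print(problems)
    print(annotate(["192.0.2.10", "192.0.2.99"], labels))
```

A reused label is worth catching before reading a trace, because two different hosts shown under one name look like a single endpoint in every pane.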