Modifying TCP preferences

When in the preferences dialog box for TCP, you will see a list that outlines your choices, as follows:

  • Show TCP summary in protocol tree: When selected, this option will show a summary of what has transpired in that packet.
  • Validate the TCP checksum if possible: TCP has a checksum that is used for error detection. In most cases, this option is left unselected: when checksum offloading is enabled, the NIC fills in the checksum after the packet has been captured, so the captured value is invalid and Wireshark would report an error.
  • Allow subdissector to reassemble TCP streams: When selected, this will allow an upper-layer protocol to reassemble the TCP stream.
  • Analyze TCP sequence numbers: This option is helpful with analysis as Wireshark will monitor the sequence numbers that help identify trouble, such as TCP retransmission, TCP duplicate acknowledgments, and TCP zero window.
  • Relative sequence numbers: When used, this feature helps make the sequence numbers easier to read and compare. The relative sequence numbers start with 0 for the first packet in each stream and then increment from that point.
  • Scaling factor to use not available from capture: Window scaling is used to increase the maximum window size that is allowed. There are times when the scaling factor is not known, for example, when the capture started mid-stream and the handshake was not captured. This option allows you to enter a scaling factor, if known.
  • Track number of bytes in flight: To see the bytes in flight, in Flow312, use the tcp.analysis.bytes_in_flight display filter, which will result in two frames. Select frame 5 and expand the SEQ/ACK analysis to see the bytes in flight, as shown here:

TCP bytes in flight

  • Calculate conversation timestamps: This option will monitor time values and can help to find delays during TCP conversations.
  • Try heuristic sub-dissectors first: By default, Wireshark identifies the application in use from the port number and dissects the packet accordingly. By selecting Try heuristic sub-dissectors first, Wireshark instead dissects the packet according to the behavior exhibited, using what Wireshark believes is the appropriate protocol.
  • Ignore TCP timestamps in summary: Wireshark obtains the timestamp from the operating system kernel. Use this option if you feel the timestamp may not be accurate.
  • Do not call subdissectors for error packets: Wireshark does its best to properly dissect each protocol according to the RFC. In some cases, the dissector may have incorrectly identified an error. Therefore, in some cases, it's best to check this option so that Wireshark does not continue to incorrectly dissect the packet and throw more errors.
  • TCP experimental options with a magic number: In some cases, the capture may include a conversation where the TCP option is experimental, possibly used for testing. Because the option is experimental and not a standard, Wireshark needs to use a magic number to identify the option, so it can be properly dissected.
  • Display process information via IPFIX: IP Flow Information Export (IPFIX) is a format used to analyze network traffic. When selected, Wireshark will display the process information that can be used to analyze and troubleshoot IPFIX flows.
  • TCP UDP port: Use this option if you want to change the protocol's behavior. For example, the Simple Service Discovery Protocol (SSDP) uses UDP port 1900. If you modify this and enter TCP UDP port 1900, Wireshark will recognize and identify UDP port 1900 as TCP.

For any of the options that change the default values, use caution! What you enter may stick and may not allow you to undo the option without a reinstall.
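The relative sequence numbers, bytes in flight and window scaling described above, worked through in an added Python example (not Wireshark's own code) over a constructed seven-frame conversation; the endpoint labels, sequence numbers and scale factors are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Frame:
    src: str      # sender label, "A" or "B" (assumed endpoint names)
    seq: int      # absolute sequence number
    ack: int      # absolute acknowledgement number
    length: int   # TCP payload bytes
    win: int      # raw 16-bit window field from the header

def analyze_stream(frames: List[Frame], scale: Dict[str, int]) -> List[dict]:
    """Walk one TCP conversation in capture order. scale maps sender ->
    window scale shift, from the SYN options or, if the handshake was not
    captured, from the 'scaling factor ... not available' preference."""
    isn: Dict[str, int] = {}       # first seq seen per sender (relative base)
    last_ack: Dict[str, int] = {}  # highest ack number each sender has sent
    out = []
    for f in frames:
        isn.setdefault(f.src, f.seq)
        peer = next((p for p in isn if p != f.src), None)
        rel_seq = f.seq - isn[f.src]
        rel_ack = f.ack - isn[peer] if peer is not None and f.ack else 0
        # Bytes in flight: payload this sender has put on the wire, including
        # this frame, that the peer has not yet acknowledged (data frames only).
        in_flight: Optional[int] = None
        if f.length:
            acked_up_to = last_ack.get(peer, isn[f.src])
            in_flight = f.seq + f.length - acked_up_to
        last_ack[f.src] = max(last_ack.get(f.src, 0), f.ack)
        out.append({"src": f.src, "rel_seq": rel_seq, "rel_ack": rel_ack,
                    "bytes_in_flight": in_flight,
                    "window": f.win << scale.get(f.src, 0)})
    return out

# Constructed conversation: handshake, two data segments from A, an ACK from
# B, then a third segment. A uses window scale 7 (assumed), B uses 0.
SAMPLE = [
    Frame("A", 1000000, 0, 0, 64240),          # SYN
    Frame("B", 5000000, 1000001, 0, 65535),    # SYN/ACK
    Frame("A", 1000001, 5000001, 0, 502),      # ACK
    Frame("A", 1000001, 5000001, 1000, 502),   # 1000 bytes of data
    Frame("A", 1001001, 5000001, 500, 502),    # 500 more, still unacked
    Frame("B", 5000001, 1001501, 0, 65535),    # B acks everything so far
    Frame("A", 1001501, 5000001, 200, 502),    # new data after the ACK
]

def demo() -> List[dict]:
    return analyze_stream(SAMPLE, {"A": 7, "B": 0})
```

Filtering the result on frames whose bytes_in_flight is not None mirrors the tcp.analysis.bytes_in_flight display filter, which only matches data-carrying frames.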

Analysis involves investigating every aspect of a protocol's behavior. You have now seen how to personalize your preferences when working with Wireshark. The final section provides an overview of TCP teardown, which properly closes the connection between two endpoints.
