- When you choose the Options tab, the following window will open.
- On the left (1), you can choose Display Options. These options are:
- Update list of packets in real-time: Upon checking this option, Wireshark updates packets in the packet pane in real time
- Automatic scroll during live capture: Upon checking this, Wireshark scrolls down packets in the packet pane as new packets come in
- Hide capture info dialog: By checking this, the capture info dialog is hidden
- On the right, there is the Name Resolution option. Here we can check for:
- The MAC address resolution that resolves the first part of the MAC address to the vendor ID.
- The IP address resolution that is resolved to DNS names.
- TCP/UDP port numbers that are resolved to application names. These are the port numbers; for example, TCP port 80 will be presented as HTTP, port 25 as SMTP, and so on.
There are some limitations to Wireshark name resolution. Even though Wireshark caches DNS names, resolving IP addresses is a process that requires DNS translation, and therefore it can slow down the capture. The process itself also produces additional DNS queries and responses, which you will see on the capture file. Name resolution can often fail, because the DNS you are querying is not necessarily familiar with the IP addresses in the capture file. For all these reasons, although network name resolution can be a helpful feature, you should use it carefully.