How do i watch resolved and unresolved MAC simultaneously?

The thing I realized when testing for Daniils question was that

1. There is only resolved or unresolved MAC addresses depending on name resolution setting (both coloumns in 1.6.2 on my machine show the same results)
2. There is the IP address being displayed in the coloumn as soon as there is an IP header in the frame

Is this wanted?

Is what wanted?

You can have "resolved", "unresolved", or unspecified columns; "resolved" and unspecified currently mean "show the resolved value if resolution is enabled and it could be resolved" (I think the intention was that "resolved" resolves regardless of whether resolution is enabled" and "unresolved" always shows the unresolved value.

You can have source or destination columns.

You can have the link-layer ("Hw") address, the network-layer address, or just an address, which is "network-layer if it has one, link-layer otherwise.

All of those can be selected independently.

I see same results in Hw src addr(resolved) and Hw src addr(unresolved), thats what I'm talking about ! Both coloumns just change from resolved to unresolved via name resolution setting in general on my current test setup with 1.6.2

Link-layer addresses are resolved by looking in the ethers file in the Wireshark install directory, if one exists, and in your Wireshark configuration directory, if it exists, and by Wireshark looking at ARP replies and associating whatever host name is found for the IP address with the corresponding Ethernet address. Without any information from those sources, it just shows the MAC address for a "resolved" address.