Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: [Ethereal-dev] Re: [Ethereal-users] Network-layer resolution (Was: Ethereal)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ian Schorr <ethereal@xxxxxxxxxxxxx>
Date: Tue, 20 Apr 2004 18:01:06 -0400
Hmm... Interesting. Someone else was asking me how to do this today, and we noticed that in Windows (at least WinXP), entries that are exclusively in the hosts file aren't resolved if "Enable concurrent DNS requests" is enabled.
I'm assuming this is because ADNS isn't following the Windows host resolution order, it simply makes calls to DNS and ignores hosts, lmhosts, WINS, etc.
I just hadn't noticed that before - am I correct? If so, it's a bit of a gotcha that might make sense to add as an entry in the FAQ (or better yet, in the upcoming Wiki documentation =) 

The situation also reminds me of a couple of things I wanted to discuss:

Topic #1:
Periodically (though rarely) I DO want to do some network-level name resolution. However, I almost NEVER look at traffic from systems within my own network, so DNS resolution is pretty useless to me. I usually want to just add some entries to my host file to force names to appear in the Dest/Source columns in the packet list. On unix-like systems I can then go edit search order or something to only look at "hosts", but otherwise opening a trace can be very, very (very!) slow. On Windows I don't really have this option anyway. Is there a better way to force only name resolution resolution from a certain source? Would it be difficult and/or a good idea to add a feature that allows forced mapping of addresses to certain names WITHIN Ethereal? 

Topic #2:
I've noticed that in some cases when MAC name resolution is turned on, the address is resolved into an IP address instead of OID+bytes. I haven't sat down to try to figure out when this happens - I'm assuming Ethereal is doing some ARP inspection or something like that. I almost NEVER want to see MAC addresses resolved into a name, I'd rather always see an attempted OID resolution. It would be great if either 1) This behavior could be disabled, or 2) The IP address is displayed in ADDITION to the resolved MAC "name". Do others agree? I prefer #2 since it seems a bit more intuitive and I hate adding unnecessary preferences, but perhaps I'm forgetting something. 

Ian

On Apr 19, 2004, at 9:52 PM, Andrew Hood wrote:


Hernandez Robert NPRI wrote:
| Hi
|
| I wanted to set up an IP naming convention in Ethereal.  For instance
in place of 156.8.234.5 it will display the word "banana", in place of
156.124.54.56 it will display the word "green", etc.
|
| Is this possible? If  so how would I do it?

Put them in your hosts file like this:

156.8.234.5 banana
156.124.54.56 green

Exactly what name the file has depends on your O/S
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube