Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] How does ethereal reslove addresses to computer name

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 8 Aug 2002 13:38:02 -0700
On Thu, Aug 08, 2002 at 12:57:28PM -0500, Sauron wrote:
> I'm using Ethereal with WinXP. MAC addresses and IP addresses 
> from my network show up in Ethereal with the Windows' "computer 
> name" that was entered into each of the machines. Where does 
> Ethereal get that information? I don't see it in the packets.

To resolve IP addresses to names, Ethereal calls the routine
"gethostbyaddr()", which is part of the OS on UNIX and Windows.

That routine might:

	look up the address in the hosts file;

	do a DNS query to look up the name;

	on UNIX, do an NIS query to look up the name;

	on Windows, do a NetBIOS "lookup" to look up the name.

If it sees ARP packets in the capture, it might also use information
from that to associate MAC addresses with IP addresses, and thus
associate names for IP addresses with MAC addresses.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube