Wireshark-bugs: [Wireshark-bugs] [Bug 10036] New: Address Resolution using reverse lookup answer
Date: Thu, 24 Apr 2014 11:00:58 +0000
Bug ID 10036
Summary Address Resolution using reverse lookup answers
Classification Unclassified
Product Wireshark
Version 1.10.7
Hardware x86
OS All
Severity Normal
Priority Low
Component Wireshark
Assignee [email protected]
Reporter [email protected]

Created attachment 12724 [details]
capture file with dns reverse lookup resolving to f5pams21

Build Information:
wireshark 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Apr 22 2014), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version, based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel Xeon E312xx (Sandy Bridge), with 3558MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219
Wireshark "Statistic -> Show address resolution" or tshark -qz hosts  uses DNS
traffic within a capture to resolve ip addresses to domain names.
If a trace contains reverse lookups (type PTR) the positive answers from DNS is
not used for this purpose. 

It would be of great benefit if also those DNS answers could be used to resolve
ip addresses to names.

You are receiving this mail because:
  • You are watching all bug changes.