Wireshark-dev: Re: [Wireshark-dev] How does Wireshark do name resolution?

From: Richard Brooks <richardbuk@xxxxxxx>
Date: Wed, 6 Jan 2010 20:55:53 -0000
I think that Sky have more than one email server/mirror. Try doing an
nslookup on '74.125.127.208'; on my PC it came back as
'pz-inf208.1e100.net'. Or if on another day you get yet another ip address
returned by nslookup on 'bskyb-pop3-ssl.l.google.com', feed that ip into
nslookup and see what comes back. I bet you it won't be
'bskyb-pop3-ssl.l.google.com'.

Regards
Richard
<RichardBUK@xxxxxxx>
 
 


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: 06 January 2010 20:42
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How does Wireshark do name resolution?


On Jan 6, 2010, at 12:17 AM, Richard Brooks wrote:

> I am writing an interface to Snort's MySQL database. The interface
> currently uses nslookup to try and resolve ip addresses to their human
> friendly names, but Wireshark is doing a much better job than nslookup.
> For example using nslookup ip address '216.239.59.208' resolves to
> 'gv-in-f208.1e100.net', however Wireshark correctly resolves this ip
> address to the much more meaningful 'bskyb-pop3-ssl.l.google.com', which
> is much more descriptive than the previous effort.

"Correctly"?

	$ host bskyb-pop3-ssl.l.google.com   
	bskyb-pop3-ssl.l.google.com has address 74.125.127.208

Doesn't look like 216.239.59.208 to me.  Do you have "host" on your machine?
If so, what does it resolve bskyb-pop3-ssl.l.google.com to?  And what do you
get for "host -a 216.239.59.208", "host -a gv-in-f208.1e100.net", and "host
-a bskyb-pop3-ssl.l.google.com"?