Wireshark · Wireshark-dev: Re: [Wireshark-dev] About the ip address -host name conversion module in wireshark

[Martin Visser <martinvisser99@xxxxxxxxx>]

In Wireshark,  it uses DNS or what ever you manually have written in the "ethers" or "hosts" file. Whois only shows assignments from the various Internet Registries.

You can of course infer names (say looking at the "Host:" header in a HTTP request) but this isn't done.

Unfortunately their is no magic to do this.

Regards, Martin

MartinVisser99@xxxxxxxxx

On 23 May 2012 20:00, nangergong <nangergong@xxxxxxxxx> wrote:

HI, all:

     I noticed that wireshark can show the host name(or website url) for an ip address precisely. I need such a function which can convert an IP address to the host name precisely. With linux command "whois", the result is very coarse. Can anyone tell how wireshark did the conversion and can I write some scripts or a small program to do this? I mean the input is an IP address while the output is a host name or URL, Thanks!

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe