
Wireshark-dev: Re: [Wireshark-dev] About the ip address -host name conversion module in wiresha

From: Jim Wright <James.R.Wright@xxxxxxxxxxxx>
Date: Wed, 23 May 2012 10:21:49 -0600
"whois" shows you who the domain is registered to. If you are looking for shell commands rather than library routines, then "host" or "nslookup" might work for you.

% host wireshark.com
wireshark.com has address 184.172.141.116

% host 184.172.141.116
116.141.172.184.in-addr.arpa domain name pointer seq.sequoiahosting.com.

However, as the example above shows, the result you get depends on the reverse DNS entry. Some organizations do not even supply reverse DNS; in other cases you will get the name of the company or machine which supplies the virtual hosting for a domain name.

Hope this helps.


On May 23, 2012, at 4:00 AM, nangergong wrote:

> Hi, all:
> 
> I noticed that Wireshark can show the host name (or website URL) for an IP address precisely. I need such a function which can convert an IP address to the host name precisely. With the Linux command "whois", the result is very coarse. Can anyone tell how Wireshark did the conversion, and can I write some scripts or a small program to do this? I mean the input is an IP address while the output is a host name or URL. Thanks!
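The reverse lookup discussed in this thread, written as a small script; this is an added example, not code from the original messages or from Wireshark. It goes one step beyond the reply by also resolving the returned name forward again, since the PTR record is published by whoever controls the address block and may name a hosting provider or anything else. The function names and the sample tables (documentation addresses) are assumptions constructed for illustration.

```python
import ipaddress
import socket

def ptr_query_name(ip):
    """Name that `host <ip>` actually queries, e.g. 116.141.172.184.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver; None when no reverse entry exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """Forward (A/AAAA) lookup; empty set when the name does not resolve."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def reverse_lookup(ip, ptr=system_ptr, forward=system_forward):
    """IP -> host name, plus whether the name resolves back to the same IP."""
    addr = ipaddress.ip_address(ip)
    result = {"ip": str(addr), "query": addr.reverse_pointer, "name": None, "confirmed": False}
    name = ptr(str(addr))
    if name:
        result["name"] = name.rstrip(".")
        back = {ipaddress.ip_address(a) for a in forward(result["name"])}
        result["confirmed"] = addr in back
    return result

# Constructed sample answers (documentation addresses), so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": "vhost7.hosting.example.", "192.0.2.20": "mail.bank.example."}
SAMPLE_FWD = {"vhost7.hosting.example": {"192.0.2.10"}, "mail.bank.example": {"198.51.100.5"}}

def sample_lookup(ip):
    """reverse_lookup() wired to the constructed tables instead of live DNS."""
    return reverse_lookup(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(sample_lookup(ip))
```

Calling `reverse_lookup(ip)` with no extra arguments uses the system resolver; a result with `confirmed` set to False means the name came only from the PTR record and should be treated as a hint about the address owner, not as the site's identity.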