Wireshark-users: [Wireshark-users] Arbitrarily labelling src / dst IPs?
From: "Simon Mullis" <[email protected]>
Date: Wed, 27 Sep 2006 12:44:47 +0100
Hi all,

I have to look at a lot of tcpdumps on a regular basis and am finding
that all of the IPs are merging into one and difficult to keep track
of when I'm looking at a trace.

Is there a way of arbitrarily labelling certain src / dst IPs?

e.g. = PROXY = WWW1 = WWW2 = CLIENT

Obviously I'd like to be able to do this within Wireshark itself but
if necessary I could pre-process the tcpdump files against a
match-list (maybe I'll write a script if there's nothing else out

I cannot use DNS resolution as all of the dumps are from client sites
and generally use RFC1918 addressing so DNS lookup will not work (and
I would rather not create a new Zone file for each tcpdump I analyse).
I've tried using my /etc/hosts file but it doesn't seem to work (on
Win32 at least).

I would find this very, very useful.

Thanks in advance


Simon Mullis
[email protected]
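
The pre-processing idea raised in the post (labelling addresses from a match-list), as an added example that is not part of the original message: it rewrites the text output of `tcpdump -n` rather than the capture file itself. The addresses, sample lines and the function names `label_line` / `label_dump` are constructed for illustration; only the four labels come from the post.

```python
import ipaddress
import re

# Constructed match-list: the addresses are made up for this example,
# the labels are the ones named in the post.
LABELS = {
    "10.1.1.5": "PROXY",
    "10.1.1.10": "WWW1",
    "10.1.1.11": "WWW2",
    "192.168.7.23": "CLIENT",
}

# Constructed `tcpdump -n` text lines (tcpdump prints address.port).
SAMPLE = """\
12:44:47.000001 IP 192.168.7.23.51234 > 10.1.1.5.3128: Flags [S], seq 1, win 65535, length 0
12:44:47.000420 IP 10.1.1.5.40022 > 10.1.1.10.80: Flags [S], seq 9, win 65535, length 0
12:44:47.000900 IP 10.1.1.5.40023 > 10.1.1.110.80: Flags [S], seq 5, win 65535, length 0
12:44:47.001300 ARP, Request who-has 10.1.1.11 tell 10.1.1.5, length 28
"""

# Dotted quad with an optional ".port" suffix. The look-arounds keep
# 10.1.1.10 from matching inside 10.1.1.110 or inside a timestamp.
_ADDR = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?:\.(\d{1,5}))?(?![\d.])")

def label_line(line, labels=LABELS):
    """Rewrite known addresses as LABEL or LABEL:port; leave the rest untouched."""
    def swap(m):
        addr, port = m.group(1), m.group(2)
        try:
            key = str(ipaddress.IPv4Address(addr))
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            return m.group(0)
        name = labels.get(key)
        if name is None:  # address not in the match-list
            return m.group(0)
        return f"{name}:{port}" if port else name
    return _ADDR.sub(swap, line)

def label_dump(text, labels=LABELS):
    """Apply label_line to every line of a tcpdump text dump."""
    return "\n".join(label_line(line, labels) for line in text.splitlines())

if __name__ == "__main__":
    print(label_dump(SAMPLE))
```

Because each trace gets its own match-list, the same script can be reused across client sites that share overlapping RFC1918 ranges.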