Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Arbitrarily labelling src / dst IPs?

From: "Simon Mullis" <simon@xxxxxxxxxxxx>
Date: Wed, 27 Sep 2006 12:44:47 +0100
Hi all,

I have to look at a lot of tcpdumps on a regular basis and am finding
that all of the IPs are merging into one and difficult to keep track
of when I'm looking at a trace.

Is there a way of arbitrarily labelling certain src / dst IPs

eg.

10.1.1.3 = PROXY
192.168.9.1 = WWW1
192.168.9.20 = WWW2
172.16.34.34 = CLIENT

Obviously I'd like to be able to do this within WireShark itself but
if necessary I could pre-process the tcpdump files against a
match-list (maybe I'll write a script if there's nothing else out
there).

I cannot use DNS resolution as all of the dumps are from client sites
and generally use RFC1918 addressing so DNS lookup will not work (and
I would rather not create a new Zone file for each tcpdump I analyse).
I've tried using my /etc/hosts file but it doesn't seem to work (on
Win32 at least).

I would find this very, very useful.

Thanks in advance

SM

--
Simon Mullis
_________________
simon@xxxxxxxxxxxx