Wireshark · Wireshark-users: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?

Wireshark-users: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?

From: "Simon Mullis" <simon@xxxxxxxxxxxx>

Date: Wed, 27 Sep 2006 13:02:52 +0100

Jaap - Many thanks!

Who would have thought that reading the manual would be so productive.... ;-)

Regards,

SM

On 9/27/06, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Hi,

From the MAN page:
-----------------8<------------------------------------
       Name Resolution (hosts)
           If the personal hosts file exists, it is used to resolve IPv4
           and IPv6 addresses before any other attempts are made to
           resolve them.  The file has the standard hosts file syntax;
           each line contains one IP address and name, separated by
           whitespace. The same directory as for the personal preferences
           file is used.
-----------------8<------------------------------------

So this is very possible indeed :)

Thanx,
Jaap

On Wed, 27 Sep 2006, Simon Mullis wrote:

> Hi all,
>
> I have to look at a lot of tcpdumps on a regular basis and am finding
> that all of the IPs are merging into one and difficult to keep track
> of when I'm looking at a trace.
>
> Is there a way of arbitrarily labelling certain src / dst IPs
>
> eg.
>
> 10.1.1.3 = PROXY
> 192.168.9.1 = WWW1
> 192.168.9.20 = WWW2
> 172.16.34.34 = CLIENT
>
> Obviously I'd like to be able to do this within WireShark itself but
> if necessary I could pre-process the tcpdump files against a
> match-list (maybe I'll write a script if there's nothing else out
> there).
>
> I cannot use DNS resolution as all of the dumps are from client sites
> and generally use RFC1918 addressing so DNS lookup will not work (and
> I would rather not create a new Zone file for each tcpdump I analyse).
>  I've tried using my /etc/hosts file but it doesn't seem to work (on
> Win32 at least).
>
> I would find this very, very useful.
>
> Thanks in advance
>
> SM
>
> --
> Simon Mullis
> _________________
> simon@xxxxxxxxxxxx
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users



--
Simon Mullis
_________________
simon@xxxxxxxxxxxx

Follow-Ups:
- Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
  - From: Simon Mullis

References:
- [Wireshark-users] Arbitrarily labelling src / dst IPs?
  - From: Simon Mullis
- Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
  - From: Jaap Keuter

Prev by Date: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
Next by Date: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
Previous by thread: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
Next by thread: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
Index(es):
- Date
- Thread