Hmmmm...
I'm using Windows XP.
I create a 'hosts' file in the same directory as my personal
preferences file (%USERPROFILE%\Application Data\Wireshark\)
I create a couple of hosts entries:
a.b.c.d testing
d.e.f.g othertest
I start wireshark and load the dump with the IPs a.b.c.d and d.e.f.g
(both RFC1918).
The IPs are still IPs. I then click "View -> Name Resolution -> Resolve Name"
Nothing....
I've tried both Unix and Dos style line endings in the hosts file also.
Any ideas?
SM
On 9/27/06, Simon Mullis <simon@xxxxxxxxxxxx> wrote:
Jaap - Many thanks!
Who would have thought that reading the manual would be so productive.... ;-)
Regards,
SM
On 9/27/06, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> Hi,
>
> From the MAN page:
> -----------------8<------------------------------------
> Name Resolution (hosts)
> If the personal hosts file exists, it is used to resolve IPv4
> and IPv6 addresses before any other attempts are made to
> resolve them. The file has the standard hosts file syntax;
> each line contains one IP address and name, separated by
> whitespace. The same directory as for the personal preferences
> file is used.
> -----------------8<------------------------------------
>
> So this is very possible indeed :)
>
> Thanx,
> Jaap
>
> On Wed, 27 Sep 2006, Simon Mullis wrote:
>
> > Hi all,
> >
> > I have to look at a lot of tcpdumps on a regular basis and am finding
> > that all of the IPs are merging into one and difficult to keep track
> > of when I'm looking at a trace.
> >
> > Is there a way of arbitrarily labelling certain src / dst IPs
> >
> > eg.
> >
> > 10.1.1.3 = PROXY
> > 192.168.9.1 = WWW1
> > 192.168.9.20 = WWW2
> > 172.16.34.34 = CLIENT
> >
> > Obviously I'd like to be able to do this within WireShark itself but
> > if necessary I could pre-process the tcpdump files against a
> > match-list (maybe I'll write a script if there's nothing else out
> > there).
> >
> > I cannot use DNS resolution as all of the dumps are from client sites
> > and generally use RFC1918 addressing so DNS lookup will not work (and
> > I would rather not create a new Zone file for each tcpdump I analyse).
> > I've tried using my /etc/hosts file but it doesn't seem to work (on
> > Win32 at least).
> >
> > I would find this very, very useful.
> >
> > Thanks in advance
> >
> > SM
> >
> > --
> > Simon Mullis
> > _________________
> > simon@xxxxxxxxxxxx
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
--
Simon Mullis
_________________
simon@xxxxxxxxxxxx
--
Simon Mullis
_________________
simon@xxxxxxxxxxxx
