Wireshark-users: Re: [Wireshark-users] Arbitrarily labelling src / dst IPs?
From: "Simon Mullis" <[email protected]>
Date: Wed, 27 Sep 2006 13:13:57 +0100
Hmmmm...

I'm using Windows XP.

I create a 'hosts' file in the same directory as my personal
preferences file (%USERPROFILE%\Application Data\Wireshark\)

I create a couple of hosts entries:

a.b.c.d testing
d.e.f.g othertest

I start wireshark and load the dump with the IPs a.b.c.d and d.e.f.g
(both RFC1918).

The IPs are still IPs.  I then click "View -> Name Resolution -> Resolve Name"

Nothing....

I've tried both Unix and Dos style line endings in the hosts file also.

Any ideas?

SM

On 9/27/06, Simon Mullis <[email protected]> wrote:
Jaap - Many thanks!

Who would have thought that reading the manual would be so productive.... ;-)

Regards,

SM

On 9/27/06, Jaap Keuter <[email protected]> wrote:
> Hi,
>
> From the MAN page:
> -----------------8<------------------------------------
>        Name Resolution (hosts)
>            If the personal hosts file exists, it is used to resolve IPv4
>            and IPv6 addresses before any other attempts are made to
>            resolve them.  The file has the standard hosts file syntax;
>            each line contains one IP address and name, separated by
>            whitespace. The same directory as for the personal preferences
>            file is used.
> -----------------8<------------------------------------
>
> So this is very possible indeed :)
>
> Thanx,
> Jaap
>
> On Wed, 27 Sep 2006, Simon Mullis wrote:
>
> > Hi all,
> >
> > I have to look at a lot of tcpdumps on a regular basis and am finding
> > that all of the IPs are merging into one and difficult to keep track
> > of when I'm looking at a trace.
> >
> > Is there a way of arbitrarily labelling certain src / dst IPs
> >
> > eg.
> >
> > 10.1.1.3 = PROXY
> > 192.168.9.1 = WWW1
> > 192.168.9.20 = WWW2
> > 172.16.34.34 = CLIENT
> >
> > Obviously I'd like to be able to do this within WireShark itself but
> > if necessary I could pre-process the tcpdump files against a
> > match-list (maybe I'll write a script if there's nothing else out
> > there).
> >
> > I cannot use DNS resolution as all of the dumps are from client sites
> > and generally use RFC1918 addressing so DNS lookup will not work (and
> > I would rather not create a new Zone file for each tcpdump I analyse).
> >  I've tried using my /etc/hosts file but it doesn't seem to work (on
> > Win32 at least).
> >
> > I would find this very, very useful.
> >
> > Thanks in advance
> >
> > SM
> >
> > --
> > Simon Mullis
> > _________________
> > [email protected]
> > _______________________________________________
> > Wireshark-users mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>


--
Simon Mullis
_________________
[email protected]


--
Simon Mullis
_________________
[email protected]