Wireshark mailing list archives

Re: Wireshark hosts file location


From: "Maynard, Chris" <Christopher.Maynard () IGT com>
Date: Thu, 21 Mar 2019 13:20:06 +0000

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11470

- Chris

From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jasper Bongertz
Sent: Thursday, March 21, 2019 6:38 AM
To: Roland Knall <rknall () gmail com>; Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Wireshark hosts file location

Hi Roland,

When network name resolution is enabled, Wireshark tries to resolve names via hosts file, DNS reverse lookup and by 
using DNS answer records it found in the pcap. There might be more mechanisms, but these are the ones I am currently 
aware of.

I would expect it to work like this: there should be a priority of the lookup where the hosts file has the highest 
priority because that's the one a user can influence and override values she/he doesn't like, e.g. things like DNS 
resolutions found in the pcap. Second are the DNS answers found in the pcap, and finally an active reverse lookup 
(unless disabled in the preferences).

For the hosts file, there should be a prioritized list of where to look: current profile folder, Wireshark install 
folder (because some people put theirs there in the past, like me), and finally the system hosts file. That would allow 
creating different profiles with alternative hosts files a user can switch.

Cheers,
Jasper

No, currently Wireshark does not switch hosts files with the profiles (to be quite honest, I wasn't even aware that we 
support something like using non-system hosts files at all).

Currently I am in the middle of rewriting the profile system and can put this on the todo list. Could you describe the 
behavior a little bit?

kind regards
Roland

On Thu, 21 March 2019 at 10:17, Jasper Bongertz <jasper () packet-foo com> wrote:

Hi Graham,

I just saw this: https://ask.wireshark.org/question/8014/hosts-file-manager/

My first impulse was "put the hosts in a profile directory and switch it via profiles", but when I tested that it 
didn't work (no names resolved). I'm not sure if the hosts file is even read when it's in a profile directory, or where 
exactly Wireshark expects a hosts file. Do you know if that's supposed to work?

Cheers,
Jasper


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


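The lookup order Jasper proposes in the thread above, sketched as an added example (not Wireshark's code and not part of the original messages). The helpers `parse_hosts` and `resolve`, the source labels, and all addresses and names are hypothetical, constructed for illustration.

```python
import ipaddress
import os
import tempfile

def parse_hosts(path):
    """Parse a hosts-format file into {ip: first name}; unreadable file -> {}."""
    table = {}
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                fields = line.split("#", 1)[0].split()  # drop comments
                if len(fields) < 2:
                    continue
                try:
                    ip = str(ipaddress.ip_address(fields[0]))
                except ValueError:
                    continue  # skip malformed addresses
                table.setdefault(ip, fields[1])
    except OSError:
        pass
    return table

def resolve(ip, hosts_paths, pcap_answers, reverse_lookup=None):
    """Return (name, source) using the order proposed in the thread."""
    ip = str(ipaddress.ip_address(ip))
    for label, path in hosts_paths:  # 1. hosts files, highest priority first
        name = parse_hosts(path).get(ip)
        if name:
            return name, label
    if ip in pcap_answers:           # 2. DNS answers seen in the capture
        return pcap_answers[ip], "pcap"
    if reverse_lookup is not None:   # 3. active reverse lookup, if enabled
        name = reverse_lookup(ip)
        if name:
            return name, "reverse"
    return None, None

def demo():  # constructed sample data: two hosts files plus pcap-derived answers
    with tempfile.TemporaryDirectory() as d:
        paths = [(k, os.path.join(d, k)) for k in ("profile", "install", "system")]
        with open(paths[0][1], "w", encoding="utf-8") as fh:
            fh.write("192.0.2.10 lab-gw  # user override\n")
        with open(paths[2][1], "w", encoding="utf-8") as fh:  # no install-dir file
            fh.write("192.0.2.10 gw.example\n192.0.2.20 db.example\n")
        pcap = {"192.0.2.10": "cdn.example", "192.0.2.30": "api.example"}
        ips = ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40")
        return [resolve(ip, paths, pcap) for ip in ips]

if __name__ == "__main__":
    print(demo())
```

Returning the source alongside the name shows which layer supplied each label, which matters when a capture's own DNS answers disagree with a local hosts entry.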