Wireshark mailing list archives
Re: How does Wireshark do name resolution?
From: Andrew Hood <ajhood () fl net au>
Date: Fri, 08 Jan 2010 22:33:49 +1100
This really belongs in "users", but since it is here ...

Richard Brooks wrote:
> Wireshark must have got the 'bskyb-pop3-ssl.l.google.com' result somehow. I can do an nslookup just after Wireshark comes back with 'bskyb-pop3-ssl.l.google.com' but I still get the same old vanilla flavoured 'pz-in-f208.1e100.net'.
Maybe I didn't express it well enough. One of the gurus might please confirm.

If I remember correctly, when Wireshark detects a DNS reply packet in the datastream it will use the info in that packet to do IP/name resolution. That means that the names you get in your decoded output can vary depending on which packets are in your trace. If there are no suitable packets in the trace Wireshark will do DNS lookups to do the IP/name resolution.

So if your trace has:

  DNS query for bskyb-pop3-ssl.l.google.com
  DNS response bskyb-pop3-ssl.l.google.com is 74.125.155.208
  TCP conversation with 74.125.155.208

then 74.125.155.208 will be reported as bskyb-pop3-ssl.l.google.com

If it has:

  TCP conversation with 74.125.155.208
  DNS query for 74.125.155.208 (with realtime DNS resolution Wireshark might issue this query itself)
  DNS reply 74.125.155.208 is px-in-f208.1e100.net

then 74.125.155.208 will be reported as px-in-f208.1e100.net

If realtime resolution is off, Wireshark will do the query when you decode the trace and you will again get px-in-f208.1e100.net.

If you choose to put entries in your hosts file, you can tell whatever lies you like in your output.

--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
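An added example, not part of the original post and not Wireshark's own code: a small Python model of the behaviour described above, in which a name learned from a DNS reply inside the trace takes precedence over a reverse lookup. The DNS response bytes are constructed, `ptr_table` stands in for a live reverse (PTR) query, and all function names are hypothetical.

```python
import struct

def build_a_response(name, ip):
    # Constructed sample: the A answer's owner name is a pointer (0xc00c) to the question.
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
    return head + qname + struct.pack("!HH", 1, 1) + rr

def read_name(msg, off):
    # Decode a (possibly compressed) DNS name; return (name, offset just past it).
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def a_records(msg):
    # Yield (ip, name) for each A record in the answer section of a DNS response.
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:                        # QR bit clear: a query, not a reply
        return
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            yield ".".join(map(str, msg[off + 10:off + 14])), name
        off += 10 + rdlen

def label(ip, trace_dns, ptr_table):
    # Names from DNS replies in the trace win; otherwise use the reverse-lookup result.
    seen = {addr: name for msg in trace_dns for addr, name in a_records(msg)}
    return seen.get(ip) or ptr_table.get(ip, ip)

IP = "74.125.155.208"
RESP = build_a_response("bskyb-pop3-ssl.l.google.com", IP)
PTR = {IP: "px-in-f208.1e100.net"}                # constructed stand-in for a PTR answer
```

Calling `label(IP, [RESP], PTR)` and `label(IP, [], PTR)` gives the two different names from the post for the same address, which is why a resolved name in decoded output should be checked against the raw IP before it is relied on.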