Wireshark mailing list archives

Re: How does Wireshark do name resolution?


From: Guy Harris <guy () alum mit edu>
Date: Wed, 6 Jan 2010 12:42:10 -0800


On Jan 6, 2010, at 12:17 AM, Richard Brooks wrote:

> I am writing an interface to Snort's MySQL database. The interface currently
> uses nslookup to try and resolve ip addresses to their human friendly names,
> but Wireshark is doing a much better job than nslookup. For example using
> nslookup ip address '216.239.59.208' resolves to 'gv-in-f208.1e100.net',
> however Wireshark correctly resolves this ip address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.

"Correctly"?

        $ host bskyb-pop3-ssl.l.google.com
        bskyb-pop3-ssl.l.google.com has address 74.125.127.208

Doesn't look like 216.239.59.208 to me.  Do you have "host" on your machine?
If so, what does it resolve bskyb-pop3-ssl.l.google.com to?  And what do you
get for "host -a 216.239.59.208", "host -a gv-in-f208.1e100.net", and
"host -a bskyb-pop3-ssl.l.google.com"?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
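
The forward/reverse comparison requested in the message above, written out as an added example (not code from the thread or from Wireshark): it classifies whether a name is a defensible label for an address before an alert interface displays it. The function names, the result labels and the `192.0.2.10` / `mail.example.net` pair are assumptions made for the example; the other sample records are the ones quoted in the thread.

```python
import ipaddress
import socket

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower()

def system_forward(name):
    """IPv4 addresses the local resolver returns for name (live lookup)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def system_reverse(ip):
    """Names the local resolver returns for ip (live reverse lookup)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def check_label(ip, name, forward=system_forward, reverse=system_reverse):
    """Classify name as a label for ip using forward and reverse lookups."""
    addr = ipaddress.ip_address(ip)
    fwd = {ipaddress.ip_address(a) for a in forward(name)}
    if addr in fwd:
        return "forward-confirmed"   # the name really maps to this address
    if _norm(name) in {_norm(n) for n in reverse(ip)}:
        return "ptr-only"            # reverse record only, not confirmed
    return "mismatch" if fwd else "unresolved"

# Constructed lookup tables so the example runs offline.
SAMPLE_A = {
    "bskyb-pop3-ssl.l.google.com": ["74.125.127.208"],  # quoted in the thread
    "mail.example.net": ["192.0.2.10"],                 # constructed
}
SAMPLE_PTR = {
    "216.239.59.208": ["gv-in-f208.1e100.net"],         # quoted in the thread
    "192.0.2.10": ["mail.example.net."],                # constructed
}

def sample_forward(name):
    return SAMPLE_A.get(_norm(name), [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])
```

Calling `check_label(ip, name)` without the last two arguments uses the system resolver instead of the sample tables.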

