Wireshark mailing list archives
Re: How does Wireshark do name resolution?
From: Richard Brooks <richardbuk () sky com>
Date: Wed, 6 Jan 2010 20:55:53 -0000
I think that Sky have more than one email server/mirror. Try doing an nslookup on '74.125.127.208', on my PC it came back as 'pz-inf208.1e100.net'. Or if on another day you get yet another ip address returned by nslookup on 'bskyb-pop3-ssl.l.google.com', feed that ip into nslookup and see what comes back. I bet you it won't be 'bskyb-pop3-ssl.l.google.com'. Regards Richard <RichardBUK () Sky com> -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Guy Harris Sent: 06 January 2010 20:42 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] How does Wireshark do name resolution? On Jan 6, 2010, at 12:17 AM, Richard Brooks wrote:
I am writing an interface to Snort's MySQL database. The interface
currently
uses nslookup to try and resolve ip addresses to their human friendly
names,
but Wireshark is doing a much better job than nslookup. For example using nslookup ip address '216.239.59.208' resolves to 'gv-in-f208.1e100.net', however Wireshark correctly resolves this ip address to the much more meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive than the previous effort.
"Correctly"? $ host bskyb-pop3-ssl.l.google.com bskyb-pop3-ssl.l.google.com has address 74.125.127.208 Doesn't look like 216.239.59.208 to me. Do you have "host" on your machine? If so, what does it resolve bskyb-pop3-ssl.l.google.com to? And what do you get for "host -a 216.239.59.208", "host -a gv-in-f208.1e100.net", and "host -a bskyb-pop3-ssl.l.google.com"? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Maynard, Chris (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Maynard, Chris (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Maynard, Chris (Jan 06)
- Re: How does Wireshark do name resolution? Guy Harris (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Guy Harris (Jan 06)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)
- Re: How does Wireshark do name resolution? Andrew Hood (Jan 07)
- Re: How does Wireshark do name resolution? Martin Visser (Jan 07)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 07)
- Re: How does Wireshark do name resolution? Andrew Hood (Jan 08)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 09)
- Re: How does Wireshark do name resolution? Richard Brooks (Jan 06)