Re: About the ip address -host name conversion module in wireshark

[Jim Wright <James.R.Wright () Colorado EDU>]

"whois" shows you who the domain is registered to. If you are looking for shell commands rather than library routines, 
then "host" or "nslookup" might work for you.

% host wireshark.com
wireshark.com has address 184.172.141.116

% host 184.172.141.116
116.141.172.184.in-addr.arpa domain name pointer seq.sequoiahosting.com.

However, as the example above shows the result you get depends on the reverse DNS entry. Some organizations do not even 
supply reverse DNS, in other cases you will get the name of the company or machine which supplies the virtual hosting 
for a domain name.

Hope this helps.


On May 23, 2012, at 4:00 AM, nangergong wrote:

> HI, all:
>
>      I noticed that wireshark can show the host name(or website url) for an ip address precisely. I need such a 
> function which can convert an IP address to the host name precisely. With linux command "whois", the result is very 
> coarse. Can anyone tell how wireshark did the conversion and can I write some scripts or a small program to do this? 
> I mean the input is an IP address while the output is a host name or URL, Thanks!
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe