Re: [Wireshark-users] 2 questions

2024-02-09 Thread Maynard, Chris via Wireshark-users
> -Original Message-
> From: Wireshark-users  On
> Behalf Of Maynard, Chris via Wireshark-users
> Sent: Tuesday, February 6, 2024 12:21 PM
> To: 'Community support list for Wireshark'  [email protected]>
> Cc: Maynard, Chris 
> Subject: Re: [Wireshark-users] 2 questions
>
> > -Original Message-
> > From: Wireshark-users  On
> > Behalf Of Jean-Michel Collard
> > Sent: Saturday, December 30, 2023 9:37 PM
> > To: [email protected]
> > Subject: [Wireshark-users] 2 questions
> >
> > When one right click on a packet there is no whois ?
> Correct.

If you're looking for some basic whois integration into Wireshark, then *maybe* 
the attached Lua script would be useful to you?  To try it out, save it to your 
Personal Lua Plugins directory, which you can find via "Help -> About Wireshark 
-> Folders -> Personal Lua Plugins".  If the folder doesn't exist, then just 
create it.  After that restart Wireshark or just reload Lua Plugins via 
"Analyze -> Reload Lua Plugins", or by using the shortcut combo, Ctrl+Shift+L.  
Now you should have a new "Whois" entry under Tools.  If you click on it, it 
should open up a new window where you can enter your query, which must be on 
the first line of the text window, and then click the "Whois" button to see the 
results.  (Sample screenshot also attached.)

NOTE: I only tested this on Windows, and for whois to work, you need to either 
download the Whois tool from 
https://learn.microsoft.com/en-us/sysinternals/downloads/whois or download the 
entire Sysinternals Suite, which includes the Whois tool.  Once downloaded, 
extract the zip archive into a folder in your path so Wireshark can run it.

Of course you can just run whois from the command-line as well; this plugin 
just makes it *perhaps* a little easier to use by having it integrated into 
Wireshark?
- Chris
P.S. I included a companion nslookup Lua script as well, which works very 
similarly to the whois Lua script, in case that's also of any use to you.
P.P.S. If these scripts are of any value to others, I suppose I could upload 
them to https://wiki.wireshark.org/Contrib.  Someone should probably test them 
on other platforms first though to be sure they work similarly as they do on 
Windows.

CONFIDENTIALITY NOTICE: This message is the property of International Game 
Technology PLC and/or its subsidiaries and may contain proprietary, 
confidential or trade secret information. This message is intended solely for 
the use of the addressee. If you are not the intended recipient and have 
received this message in error, please delete this message from your system. 
Any unauthorized reading, distribution, copying, or other use of this message 
or its attachments is strictly prohibited.


whois.lua
Description: whois.lua


nslookup.lua
Description: nslookup.lua
___
Sent via:Wireshark-users mailing list 
Archives:https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
 mailto:[email protected]?subject=unsubscribe
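
A sketch of how a plugin like the one described in the message above can be built, as an added example (it is not the attached whois.lua, whose contents are not shown on this page). It uses Wireshark's Lua GUI calls `register_menu` and `TextWindow`, assumes a `whois` executable on the PATH, and restricts the query to host-name and IP-address characters because the text is handed to a shell through `io.popen`; the function names and the "Whois (example)" label are illustrative.

```lua
-- whois_example.lua: added illustration, not the attached whois.lua.
-- Assumption: a "whois" executable is on the PATH, as the message describes.

-- Accept only host names and IPv4/IPv6 literals, so nothing typed into the
-- text window can be interpreted by the shell that io.popen() starts.
local function sanitize_query(text)
    local line = (text or ""):match("^[^\r\n]*")      -- first line only
    line = line:gsub("^%s+", ""):gsub("%s+$", "")     -- trim whitespace
    if #line == 0 or #line > 253 then return nil end  -- 253 = max DNS name length
    if line:find("[^%w%.:%-]") then return nil end    -- letters, digits, . : - only
    if line:sub(1, 1) == "-" then return nil end      -- never pass an option to whois
    return line
end

-- Run whois and return everything it prints (stderr included).
local function run_whois(query)
    local pipe, err = io.popen("whois " .. query .. " 2>&1")
    if not pipe then
        return "Could not start whois: " .. tostring(err)
    end
    local output = pipe:read("*a")
    pipe:close()
    return output
end

-- Open an editable window; the query is read from its first line.
local function whois_window()
    local win = TextWindow.new("Whois (example)")
    win:set_editable(true)
    win:add_button("Whois", function()
        local query = sanitize_query(win:get_text())
        if not query then
            win:set("Enter a host name or IP address on the first line.")
            return
        end
        win:set(query .. "\n\n" .. run_whois(query))
    end)
end

-- Menus exist only in the GUI; tshark loads Lua plugins too.
if gui_enabled() then
    register_menu("Whois (example)", whois_window, MENU_TOOLS_UNSORTED)
end
```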


Re: [Wireshark-users] 2 questions

2024-02-06 Thread Maynard, Chris via Wireshark-users
My apologies for this reply.  I just now noticed that Guy had previously 
responded.  Unfortunately, his response never made it to my inbox, but I do now 
see it at "The Mail Archive" here: 
https://www.mail-archive.com/[email protected]/msg05179.html

The Wireshark Mailing Lists page at https://www.wireshark.org/lists/ lists 3 
archives:
1) Local archives (https://www.wireshark.org/lists/wireshark-users/): This 
archive contains nothing about this thread.
2) MARC archives (https://marc.info/?l=wireshark-users): As far as I can tell, 
this archive contains no wireshark-users messages since March/April 2022.
3) The Mail Archive 
(https://www.mail-archive.com/[email protected]/): This is the only 
archive that appears to contain all messages.

So perhaps I'm not receiving all messages for the same or for a similar reason 
as why the 1st 2 archives are not archiving them?
- Chris

> -Original Message-
> From: Wireshark-users  On
> Behalf Of Maynard, Chris via Wireshark-users
> Sent: Tuesday, February 6, 2024 12:21 PM
> To: 'Community support list for Wireshark'  [email protected]>
> Cc: Maynard, Chris 
> Subject: Re: [Wireshark-users] 2 questions
>
> > -Original Message-
> > From: Wireshark-users  On
> > Behalf Of Jean-Michel Collard
> > Sent: Saturday, December 30, 2023 9:37 PM
> > To: [email protected]
> > Subject: [Wireshark-users] 2 questions
> >
> > First of all : Happy New Year to everyone 🙂
> And a happy belated new year to you!
>
> > Why Wireshark display IPv1/v6 addresses instead of hostnames (if any)?
> That's probably because host name resolution is disabled in your
> preferences.  (And of course I assume you mean IPv4/v6.)
>
> > Can it be configured to have this ?
> Yes.  The primary preference to enable is "Edit -> Preferences -> Name
> Resolution -> Resolve network (IP) addresses", but there are other name
> resolution preferences just under that one that you may or may not also
> want to enable.  You can also cause IP addresses to be resolved by
> manually adding entries in your hosts file located in your "Personal
> configuration" folder or in one of the Profiles within that folder if you're
> using a particular Profile.  You can find your "Personal configuration"
> folder from "Help -> About Wireshark -> Folders".  For more information
> about Name Resolution or Profiles, you can refer to the relevant sections
> of the Wireshark User Guide that discuss these topics in more detail.
>
> Name Resolution:
> https://www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html
> Profiles:
> https://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html
>
> > When one right click on a packet there is no whois ?
> Correct.


Re: [Wireshark-users] 2 questions

2024-02-06 Thread Maynard, Chris via Wireshark-users
> -Original Message-
> From: Wireshark-users  On
> Behalf Of Jean-Michel Collard
> Sent: Saturday, December 30, 2023 9:37 PM
> To: [email protected]
> Subject: [Wireshark-users] 2 questions
>
> First of all : Happy New Year to everyone 🙂
And a happy belated new year to you!

> Why Wireshark display IPv1/v6 addresses instead of hostnames (if any)?
That's probably because host name resolution is disabled in your preferences.  
(And of course I assume you mean IPv4/v6.)

> Can it be configured to have this ?
Yes.  The primary preference to enable is "Edit -> Preferences -> Name 
Resolution -> Resolve network (IP) addresses", but there are other name 
resolution preferences just under that one that you may or may not also want to 
enable.  You can also cause IP addresses to be resolved by manually adding 
entries in your hosts file located in your "Personal configuration" folder or 
in one of the Profiles within that folder if you're using a particular Profile.  
You can find your "Personal configuration" folder from "Help -> About 
Wireshark -> Folders".  For more information about Name Resolution or Profiles, 
you can refer to the relevant sections of the Wireshark User Guide that 
discuss these topics in more detail.

Name Resolution: 
https://www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html
Profiles: 
https://www.wireshark.org/docs/wsug_html_chunked/ChCustConfigProfilesSection.html

> When one right click on a packet there is no whois ?
Correct.


Re: [Wireshark-users] 2 questions

2023-12-30 Thread Guy Harris
On Dec 30, 2023, at 6:36 PM, Jean-Michel Collard  wrote:

> First of all : Happy New Year to everyone 🙂

Happy New Year to you too!  (Or "have a Happy New Year", as it's now still 
2023-12-30 23:04 local time here. :-))

> Why Wireshark display IPv1/v6 addresses instead of hostnames (if any)?

Because either

1) you don't have network-layer host name resolution enabled

or

2) it's enabled, but Wireshark couldn't translate the IP address to a 
host name.

> Can it be configured to have this ?

To make sure network host name resolution is enabled:

select "Preferences" from the "Edit" menu (Windows, Linux, everything 
else other than macOS) or the "Wireshark" menu (macOS);

select "Name Resolution" from the Preferences dialog;

make sure that "Resolve network (IP) addresses" is checked;

make sure that "Use your system's DNS settings for name resolution" is 
checked;

click the "OK" button.

If that doesn't cause it to resolve IP addresses, it's probably because 
whatever DNS server your system's DNS settings use can't resolve the addresses.

> When one right click on a packet there is no whois ?

I don't think there's a "whois" menu item in Wireshark.

> I know there are already a lot of things with a right-click.

There are, but "whois" isn't one of them.  There may have, in the past, been a 
"resolve IP address(es)" option, but it doesn't appear to be there now.