Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you talking about WinPcap or Wireshark?

Have a nice day
GV

--------------------------------------------------
From: "Richard Brooks" <[email protected]>
Sent: Sunday, December 20, 2009 9:05 AM
To: <[email protected]>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?

> How does WinCap resolve IP addresses?
>
> I am writing an interface to Snort's MySQL database. The interface
> currently uses nslookup to try and resolve IP addresses to their human
> friendly names, but WinCap is doing a much better job than nslookup. For
> example using nslookup IP address '216.239.59.208' resolves to
> 'gv-in-f208.1e100.net', however WinCap correctly resolves this IP address
> to the much more meaningful 'bskyb-pop3-ssl.l.google.com', which is much
> more descriptive than the previous effort.
>
> The Snort interface I am writing relies on addresses that look out of
> place when resolved to their human friendly names. For example to help
> the user of the interface spot addresses that are non-commercial (i.e. a
> hacker/zombie machine rather than say 'www.amazon.com').
>
> What makes things even worse, is that many times nslookup returns the
> likes of 'The requested name is valid, but no data of the requested type
> was found'.
>
> If anyone has any ideas on what WinCap is using to resolve IP addresses,
> I'd be most grateful if they would let me in on it?
>
> Regards
> Richard
> <[email protected]>

_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
