Hello Gianluca

Not sure which is doing the DNS lookup. It may well be Wireshark.

However looking at the traces, it looks like there is some kind of web
service interaction going on that provides better name resolution than
nslookup.

Any ideas?

Regards
Richard
<[email protected]>
 
 

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Gianluca Varenni
Sent: 20 December 2009 20:37
To: [email protected]
Subject: Re: [Winpcap-users] How does WinCap resolve IP addresses?

Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you
talking about winpcap or wireshark?


Have a nice day
GV

--------------------------------------------------
From: "Richard Brooks" <[email protected]>
Sent: Sunday, December 20, 2009 9:05 AM
To: <[email protected]>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?

> How does WinCap resolve IP addresses?
>
> I am writing an interface to Snort's MySQL database. The interface currently
> uses nslookup to try and resolve ip addresses to their human friendly names,
> but WinCap is doing a much better job than nslookup. For example using
> nslookup ip address '216.239.59.208' resolves to 'gv-in-f208.1e100.net',
> however WinCap correctly resolves this ip address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.
>
> The Snort interface I am writing relies on addresses that look out of place
> when resolved to their human friendly names. For example to help the user of
> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
> machine rather than say 'www.amazon.com').
>
> What makes things even worse is that many times nslookup returns the likes
> of 'The requested name is valid, but no data of the requested type was
> found'.
>
> If anyone has any ideas on what WinCap is using to resolve ip addresses, I'd
> be most grateful if they would let me in on it?
>
> Regards
> Richard
> <[email protected]>
>
>
>
> _______________________________________________
> Winpcap-users mailing list
> [email protected]
> https://www.winpcap.org/mailman/listinfo/winpcap-users 
