In any case you are looking at a trace file with wireshark, right? If that's the case, wireshark resolves the addresses.
GV

--------------------------------------------------
From: "Richard Brooks" <[email protected]>
Sent: Monday, December 21, 2009 9:49 AM
To: <[email protected]>
Subject: Re: [Winpcap-users] How does WinCap resolve IP addresses?

> Hello Gianluca
>
> Not sure which is doing the DNS lookup. It may well be Wireshark.
>
> However looking at the traces, it looks like there is some kind of web
> service interaction going on that provides better name resolution than
> nslookup.
>
> Any ideas?
>
> Regards
> Richard
> <[email protected]>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Gianluca Varenni
> Sent: 20 December 2009 20:37
> To: [email protected]
> Subject: Re: [Winpcap-users] How does WinCap resolve IP addresses?
>
> Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you
> talking about winpcap or wireshark?
>
> Have a nice day
> GV
>
> --------------------------------------------------
> From: "Richard Brooks" <[email protected]>
> Sent: Sunday, December 20, 2009 9:05 AM
> To: <[email protected]>
> Subject: [Winpcap-users] How does WinCap resolve IP addresses?
>
>> How does WinCap resolve IP addresses?
>>
>> I am writing an interface to Snort's MySQL database. The interface currently
>> uses nslookup to try and resolve ip addresses to their human friendly names,
>> but WinCap is doing a much better job than nslookup. For example using
>> nslookup ip address '216.239.59.208' resolves to 'gv-in-f208.1e100.net',
>> however WinCap correctly resolves this ip address to the much more
>> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
>> than the previous effort.
>>
>> The Snort interface I am writing relies on addresses that look out of place
>> when resolved to their human friendly names. For example to help the user of
>> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
>> machine rather than say 'www.amazon.com').
>>
>> What makes things even worse is that many times nslookup returns the likes
>> of 'The requested name is valid, but no data of the requested type was
>> found'.
>>
>> If anyone has any ideas on what WinCap is using to resolve ip addresses, I'd
>> be most grateful if they would let me in on it?
>>
>> Regards
>> Richard
>> <[email protected]>
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> [email protected]
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
