In Wireshark, it uses DNS or what ever you manually have written in the "ethers" or "hosts" file. Whois only shows assignments from the various Internet Registries.
You can of course infer names (say looking at the "Host:" header in a HTTP request) but this isn't done. Unfortunately their is no magic to do this. Regards, Martin [email protected] On 23 May 2012 20:00, nangergong <[email protected]> wrote: > HI, all: > > I noticed that wireshark can show the host name(or website url) for > an ip address precisely. I need such a function which can convert an IP > address to the host name precisely. With linux command "whois", the result > is very coarse. Can anyone tell how wireshark did the conversion and can I > write some scripts or a small program to do this? I mean the input is an IP > address while the output is a host name or URL, Thanks! > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
