Hi all, I have to look at a lot of tcpdumps on a regular basis and am finding that all of the IPs are merging into one and difficult to keep track of when I'm looking at a trace.
Is there a way of arbitrarily labelling certain src / dst IPs eg. 10.1.1.3 = PROXY 192.168.9.1 = WWW1 192.168.9.20 = WWW2 172.16.34.34 = CLIENT Obviously I'd like to be able to do this within WireShark itself but if necessary I could pre-process the tcpdump files against a match-list (maybe I'll write a script if there's nothing else out there). I cannot use DNS resolution as all of the dumps are from client sites and generally use RFC1918 addressing so DNS lookup will not work (and I would rather not create a new Zone file for each tcpdump I analyse). I've tried using my /etc/hosts file but it doesn't seem to work (on Win32 at least). I would find this very, very useful. Thanks in advance SM -- Simon Mullis _________________ [EMAIL PROTECTED] _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
