Hmmmm... I'm using Windows XP.
I create a 'hosts' file in the same directory as my personal preferences file (%USERPROFILE%\Application Data\Wireshark\) I create a couple of hosts entries: a.b.c.d testing d.e.f.g othertest I start wireshark and load the dump with the IPs a.b.c.d and d.e.f.g (both RFC1918). The IPs are still IPs. I then click "View -> Name Resolution -> Resolve Name" Nothing.... I've tried both Unix and Dos style line endings in the hosts file also. Any ideas? SM On 9/27/06, Simon Mullis <[EMAIL PROTECTED]> wrote: > Jaap - Many thanks! > > Who would have thought that reading the manual would be so productive.... ;-) > > Regards, > > SM > > On 9/27/06, Jaap Keuter <[EMAIL PROTECTED]> wrote: > > Hi, > > > > From the MAN page: > > -----------------8<------------------------------------ > > Name Resolution (hosts) > > If the personal hosts file exists, it is used to resolve IPv4 > > and IPv6 addresses before any other attempts are made to > > resolve them. The file has the standard hosts file syntax; > > each line contains one IP address and name, separated by > > whitespace. The same directory as for the personal preferences > > file is used. > > -----------------8<------------------------------------ > > > > So this is very possible indeed :) > > > > Thanx, > > Jaap > > > > On Wed, 27 Sep 2006, Simon Mullis wrote: > > > > > Hi all, > > > > > > I have to look at a lot of tcpdumps on a regular basis and am finding > > > that all of the IPs are merging into one and difficult to keep track > > > of when I'm looking at a trace. > > > > > > Is there a way of arbitrarily labelling certain src / dst IPs > > > > > > eg. > > > > > > 10.1.1.3 = PROXY > > > 192.168.9.1 = WWW1 > > > 192.168.9.20 = WWW2 > > > 172.16.34.34 = CLIENT > > > > > > Obviously I'd like to be able to do this within WireShark itself but > > > if necessary I could pre-process the tcpdump files against a > > > match-list (maybe I'll write a script if there's nothing else out > > > there). > > > > > > I cannot use DNS resolution as all of the dumps are from client sites > > > and generally use RFC1918 addressing so DNS lookup will not work (and > > > I would rather not create a new Zone file for each tcpdump I analyse). > > > I've tried using my /etc/hosts file but it doesn't seem to work (on > > > Win32 at least). > > > > > > I would find this very, very useful. > > > > > > Thanks in advance > > > > > > SM > > > > > > -- > > > Simon Mullis > > > _________________ > > > [EMAIL PROTECTED] > > > _______________________________________________ > > > Wireshark-users mailing list > > > [email protected] > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > > > > > > _______________________________________________ > > Wireshark-users mailing list > > [email protected] > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > -- > Simon Mullis > _________________ > [EMAIL PROTECTED] > -- Simon Mullis _________________ [EMAIL PROTECTED] _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
