Revision history

Hey. As far as I know, there are various ways Wireshark does its name resolution for network layer addresses. Have a look at Preferences -> Name Resolution.

That is: 1) "use captured DNS packet data for name resolution": here, if you have been using a single service from AWS (for example) which is hosted on an IP address, this binding will be displayed, since Wireshark has seen your DNS request for the actual service hostname and its corresponding IP addresses. 2) use your system's DNS settings for name resolution: here, reverse DNS lookups (PTR records) for the IP addresses in question are made to your recursive DNS server. With this option being set, you're absolutely correct that you won't get the name of the concrete service for AWS, but a generic name from Amazon, since such cloud providers do not set their PTR records to the name of each service (which would be hundreds!), but to something generic.

Hope that helps? Cheers Johannes

Hey. As far as I know, there are various ways Wireshark does its name resolution for network layer addresses. Have a look at Preferences -> Name Resolution.

That is:

  1. "use captured DNS packet data for name resolution": here, if you have been using a single service from AWS (for example) which is hosted on an IP address, this binding will be displayed, since Wireshark has seen your DNS request for the actual service hostname and its corresponding IP addresses.
  2. use your system's DNS settings for name resolution: here, reverse DNS lookups (PTR records) for the IP addresses in question are made to your recursive DNS server. With this option being set, you're absolutely correct that you won't get the name of the concrete service for AWS, but a generic name from Amazon, since such cloud providers do not set their PTR records to the name of each service (which would be hundreds!), but to something generic.

Hope that helps? Cheers Johannes