How do Wireshark resolve addresses

asked 2018-01-05 20:56:58 +0000

swagluke gravatar image

updated 2018-01-05 20:59:39 +0000

So I'm a macbook user and have WireShark Version 2.41 installed. Under the Statistics options, WireShark keeps all the records of all the resolved address. (IPv4 and IPv6 to host names/website urls)

Could someone from the WireShark team please explain to me how this is being done? I'm super curious about the whole process since each ip address can host multiple domains. For example, Amazon AWS can host multiple websites on the same IP address. How does WireShark know exactly which host name/website is being accessed through the ip address at that exact moment?

Thanks in advance.

edit retag flag offensive close merge delete