Ask Your Question
0

Where does the "Resolved Addresses" option on the statistics menu get it's information?

asked 2018-02-13 19:02:10 +0000

rroncme gravatar image

I see information here that I cant find in the trace. i.e. services, and mac addresses. So where does all the info in the file come from?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-07-18 21:09:38 +0000

cmaynard gravatar image

From the Wireshark man page, search for "FILES" and you will come across the documentation for the various files that Wireshark uses for various name resolution capability.

For example:

  • Name Resolution (hosts)
  • Name Resolution (subnets)
  • Name Resolution (ethers)
  • Name Resolution (manuf)
  • Name Resolution (services)
  • Name Resolution (ipxnets)

The 2 you mentioned specifically are handled by the services and manuf files:

The services file is used to translate port numbers into names. Both the global services file and personal services files are used if they exist.

The manuf file is used to match the 3-byte vendor portion of a 6-byte hardware address with the manufacturer's name; it can also contain well-known MAC addresses and address ranges specified with a netmask. The manuf file is looked for in the same directory as the global preferences file.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-02-13 19:02:10 +0000

Seen: 812 times

Last updated: Jul 18 '18

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2