Ask Your Question

Resolution of Network address

asked 2018-02-15 05:15:48 +0000

Vindra gravatar image

I have a captured file. When I enable "Resolve Network Addresses" I can see the names in the "Source" and "Destination" field. When I disable the option the IP addresses are seen. This is expected. However, my question is how does it resolve the IP addresses ? In command window when I do "nslookup <captured ip="">" one of them works, the other one does not return any name. The how does wireshark resolve both of those?


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-02-15 11:05:24 +0000

Anders gravatar image

It might come from your hosts file as that's used for resolving addresses too.

edit flag offensive delete link more


As well as using the DNS packets in the same trace. Or name resolution blocks in the pcap-ng, etc.

Jaap gravatar imageJaap ( 2018-02-16 06:47:24 +0000 )edit

Hi Anders, I have checked my /etc/hosts file. But there is no such entry. Thanks

Vindra gravatar imageVindra ( 2018-02-17 11:14:36 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-02-15 05:15:48 +0000

Seen: 299 times

Last updated: Feb 15 '18