Ask Your Question
0

edit resolved names

asked 2018-11-28 16:07:12 +0000

I'm using Wireshark on windows and i can edit resolved name by right clicking on an ip address, but i cant figure out how to edit or remove the name.

when i go to Statistics -> resolve names i see the host file entries, but cant find that file.
checked in my personal and global configuration files as well as the system folder.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2018-11-28 17:09:57 +0000

cmaynard gravatar image

I think this feature needs work.

Currently, the only way I know to remove the name is to close the file without saving it. If you've already saved the changes to a .pcapng file, then a Name Resolution Block is added to the .pcapng file containing the address and resolved name information, so you can either re-save the .pcapng file as a .pcap file to remove the information (but you will lose all other .pcapng information too), or use a binary editor or possibly other tools to remove the entire block.

You can view the Name Resolution Block if you load the .pcapng file in Wireshark using "View -> Reload as File Format/Capture".

It's too bad that you can't clear the resolved name directly from Wireshark. When you attempt to do so by right-clicking the name in the packet details pane to choose, "Edit Resolved Name", you are not allowed to clear the name since the OK button is not active. Also, there does appear a "Name Resolution Preferences..." button; however, if you click on that, it actually just brings up the *Filter Buttons" preferences.

I'd recommend opening up Wireshark bugs for these behaviors:

  • Allow manually resolved names to be cleared from Wireshark.
  • The "Name Resolution Preferences..." button should bring up the relevant "Name Resolution" preferences dialog and should include a list of manually added resolved names that can be edited/cleared.
  • If manually resolved names are added and the capture file is saved, the names will only be saved if the capture file is saved in a format that supports saving them. This is currently not made obvious to the user and so saving the file as a .pcap file results in a loss of information that the user may not be aware of.
edit flag offensive delete link more

Comments

thanks for the information. i guess i will stop suggesting the "Edit Resolved Name" option until it gets easier.

thetechfirm gravatar imagethetechfirm ( 2018-11-28 17:21:50 +0000 )edit

checked and looks like a similar bug has been opened already Wireshark Bug Database – Bug 11221

thetechfirm gravatar imagethetechfirm ( 2018-11-28 17:29:38 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-11-28 16:07:12 +0000

Seen: 3,170 times

Last updated: Nov 28 '18