This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

The documentation states that this filter will work: ip.dst eq www.mit.edu

But when I try to use it, Wireshark gives me an error ' "www.mit.edu" is not a valid hostname or IPv4 address'

I cut-and-pasted the sample into the filter, so I expected it to work!

asked 23 Nov '10, 16:26

ActualRandy's gravatar image

ActualRandy
46224
accept rate: 0%


Try using ip.dst_host eq www.mit.edu. That should resolve the syntax error issue. If you still don't see any traffic try turning on network name resolutions to see what www.mit.edu traffic is really resolving to (for example, www.wireshark.org actually resolves to media-2.cacetech.com.

permanent link

answered 23 Nov '10, 17:11

lchappell's gravatar image

lchappell ♦
1.2k2730
accept rate: 8%

Thanks lchappell - that did the trick :-)

However, being a stickler of sorts, I hope Gerald will re-write the documentation, since the example looks wrong.

(23 Nov '10, 17:25) ActualRandy

Or you could add to the wiki page or the manuals or... <grin>

(23 Nov '10, 19:09) lchappell ♦

note: you have to enable Name Resolution on the preferences for this to work (disabled by default).

(08 Dec '14, 14:35) Ciro Santilli

However, being a stickler of sorts, I hope Gerald will re-write the documentation, since the example looks wrong.

I don't know what Gerald will do, but Guy will ask you to file a bug on this, because that's really badly broken; if our display-filter parser can't figure out that you can compare an IP address with a domain name, that's just horribly bad - it violates the Principle of Least Surprise.

(08 Dec '14, 20:22) Guy Harris ♦♦

Using hostnames in filters only work when they can be resolved. Do you have DNS configured on the system that you are running Wireshark on? And is the system able to resolve www.mit.edu?

permanent link

answered 23 Nov '10, 16:34

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Hey Synbit - thanks for the response.

I can resolve www.mit.edu - I ran nslookup on it and received the ip 192.168.1.1

Regarding whether the system has DNS configured, I can't say; it is a public wireless access point

I ran it while in a live session, as opposed to a stored one, and it gave me a slightly different message: The following display filter isn't a valid display filter: ip.dst eq www.mit.edu

In this message, it is clearly saying that it thinks I have an invalid filter.

(23 Nov '10, 16:47) ActualRandy
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×40
×11

question asked: 23 Nov '10, 16:26

question was seen: 39,072 times

last updated: 08 Dec '14, 20:22

p​o​w​e​r​e​d by O​S​Q​A