The documentation states that this filter will work: ip.dst eq www.mit.edu But when I try to use it, Wireshark gives me an error ' "www.mit.edu" is not a valid hostname or IPv4 address' I cut-and-pasted the sample into the filter, so I expected it to work! asked 23 Nov '10, 16:26 ActualRandy |
2 Answers:
Try using answered 23 Nov '10, 17:11 lchappell ♦ |
Using hostnames in filters only work when they can be resolved. Do you have DNS configured on the system that you are running Wireshark on? And is the system able to resolve www.mit.edu? answered 23 Nov '10, 16:34 SYN-bit ♦♦ Hey Synbit - thanks for the response. I can resolve www.mit.edu - I ran nslookup on it and received the ip 192.168.1.1 Regarding whether the system has DNS configured, I can't say; it is a public wireless access point I ran it while in a live session, as opposed to a stored one, and it gave me a slightly different message: The following display filter isn't a valid display filter: ip.dst eq www.mit.edu In this message, it is clearly saying that it thinks I have an invalid filter. (23 Nov '10, 16:47) ActualRandy |
Thanks lchappell - that did the trick :-)
However, being a stickler of sorts, I hope Gerald will re-write the documentation, since the example looks wrong.
Or you could add to the wiki page or the manuals or... <grin>
note: you have to enable Name Resolution on the preferences for this to work (disabled by default).
I don't know what Gerald will do, but Guy will ask you to file a bug on this, because that's really badly broken; if our display-filter parser can't figure out that you can compare an IP address with a domain name, that's just horribly bad - it violates the Principle of Least Surprise.