This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I selectively name IPs and MACs?

1
1

For troubleshooting on a regular basis I would LOVE to right-click on a src or dst addr in EITHER the packet list or packet details pane and name the item and ONLY the item (like an alias). AFAIK this is only currently (1.6.7) available if I edit the hosts file. I do not want to resolve every IP and I don't want to match MACs to IPs. Please someone tell me I've missed something and there's a button for that. Thanks in advance.

asked 15 May '12, 18:44

bupkes's gravatar image

bupkes
16123
accept rate: 0%

One Answer:
active answersoldest answersnewest answerspopular answers
2

You can resolve an IP address manually.

right-click the src or dst IP in the packet list and select "Manullay Resolve Address". That should be available since Wireshark 1.4.

I do not want to resolve every IP

Unfortunately, you need to enable "Network Address Resolution", for this feature (manual resolve) to work. There is a checkbox for that as well when right-clicking the src/dst.

Unfortunately, this does not work with MAC addresses, even if you add a src/dst mac column in the packet list. For mac addresses you can use the ethers file:

Windows:
%APPDATA%\wireshark\ethers

Unix:
/etc/ethers

File Format:
mac-address string (name or ip)

Sample:
00:23:ae:01:02:03 client_mac

CAUTION: Windows editors tend to attach .txt to the filename. However the file name must be ethers and not ethers.txt.

Regards
Kurt

permanent link

answered 16 May '12, 01:06

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 16 May '12, 01:49

Thank you for the answer but I specifically do NOT want to enable automatic resolution.
For anyone trying to track down a problem using Wireshark it seems like this would be high on the list of needs. Renaming IPs and MACs of identified nodes without confusing the issue with enabling any kind of automatic resolution.

(18 May '12, 10:09) bupkes

You might want to file an enhancement request on the Wireshark Bugzilla (https://bugs.wireshark.org/bugzilla/)

(18 May '12, 15:08) Jim Aragon
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×3
×3

question asked: 15 May '12, 18:44

question was seen: 6,684 times

last updated: 18 May '12, 15:08

Related questions

Can I rename a port?

traces from multiple interface

tshark capturing packets over interface aliases

Change alias in src / dest port to actual port number

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A