For troubleshooting on a regular basis I would LOVE to right-click on a src or dst addr in EITHER the packet list or packet details pane and name the item and ONLY the item (like an alias). AFAIK this is only currently (1.6.7) available if I edit the hosts file. I do not want to resolve every IP and I don't want to match MACs to IPs. Please someone tell me I've missed something and there's a button for that. Thanks in advance. asked 15 May '12, 18:44  bupkes |
One Answer:
You can resolve an IP address manually. right-click the src or dst IP in the packet list and select "Manullay Resolve Address". That should be available since Wireshark 1.4.
Unfortunately, you need to enable "Network Address Resolution", for this feature (manual resolve) to work. There is a checkbox for that as well when right-clicking the src/dst. Unfortunately, this does not work with MAC addresses, even if you add a src/dst mac column in the packet list. For mac addresses you can use the ethers file: Windows: Unix: File Format: Sample: CAUTION: Windows editors tend to attach .txt to the filename. However the file name must be ethers and not ethers.txt. Regards answered 16 May '12, 01:06  Kurt Knochner ♦ edited 16 May '12, 01:49 |
Thank you for the answer but I specifically do NOT want to enable automatic resolution.
For anyone trying to track down a problem using Wireshark it seems like this would be high on the list of needs. Renaming IPs and MACs of identified nodes without confusing the issue with enabling any kind of automatic resolution.
You might want to file an enhancement request on the Wireshark Bugzilla (https://bugs.wireshark.org/bugzilla/)