I'm using 1.8.7 and noticed that manual resolution of hostnames is not working. Meaning, I'd like to supply my own FQDN for an IP address and not attempt to resolve it using 'hosts' or recursively looking up the IPs via DNS, etc. I was able to make it work by putting arbitrary entries as described here, but that seems less than optimal (having to leave the tool to cut/paste/save entries elswhere and still having to resolve). asked 16 Aug '13, 10:03  SimpleinSeattle edited 16 Aug '13, 10:07  grahamb ♦ |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
I was going to respond to the thread posted eariler today about this feature saying I noticed the same issue, but I decided to test it a little bit first. If you right-click a packet and select "Manually Resolve Address", it brings up a dialog box which allows you to manually type in a name for the selected IP. However, it appears you have to also select the "Enable network name resolution" checkbox. Once you do this, Wireshark seems to correctly use the arbitrary label you supply, but it also appears to try and resolve everything else in DNS. I guess if you want to use arbitrary labels for hosts, you need to label each one or else Wireshark will use DNS.
I like the intent of this feature, but it seems a bit clunky. I'd like to simply select an arbitrary IP address and give it a label, without being forced to resolve everything else in DNS. It seems like those two features could be separated further.
Agreed. Manually resolving a single IP address ought to work without having to turn on full network name resolution. I suggest filing an enhancement bug report for this.
I'm a little nervous about it, given I'm not a programmer and have never used a bug database like this, but just submitted bug ID #9064. Hopefully it is clear and the people won't think I'm an idiot...
If something's not clear, then you may be asked to provide more information, but it will be OK. ;)
I was the one making this feature when working on a network where only some IP addresses did not resolve, and I think I made it like this because it was the easiest solution to implement at the time.
I totally agree that the manually resolve function should work without enabling network resolution.