This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

hosts file for IP resolution - masking

1

Hi,

Can I use masking in hosts file such as: 1.1.1.1/27 GGSN

or do I need to insert it one by one?

Diana

asked 26 May '15, 01:10

Dianalab9's gravatar image

Dianalab9
26161620
accept rate: 0%


2 Answers:

2

Go to the page titled "Configuration Files and Folders" in Wireshark's help and read about the subnets file. This is similar to a hosts file, but for subnets instead of for individual hosts. You have to manually create the file. Suppose you have this line in the file:

192.168.1.0/24 MYNETWORK

If network name resolution is enabled, and if Wireshark is not able to resolve a specific IP address (from the regular hosts file, or from the DNS cache, or from a DNS query), then Wireshark will show the name using the entry from the subnets file.

So, for example, a destination IP address of 192.168.1.89 would show as:

MYNETWORK.89

Wireshark will always use the specific host name instead of the subnets name if Wireshark is able to resolve the address.

answered 26 May '15, 15:35

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

edited 27 May '15, 06:49

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

Thank you! I will try it!

(27 May '15, 00:47) Dianalab9

Wow, all this time I didn't think this feature was available, but it turns out that it was implemented back in 2008 with the SVN r24154 commit, which resolved Bug 1445. I marked my bug, Bug 7339 as a duplicate of Bug 1445, which closes that bug.

While the feature does work, there are a couple of issues though:

  • The subnets file does not work on a per-profile basis like other files, e.g., the hosts file. For consistency, it probably should.
  • While the subnets file is documented in the User Guide, it is not documented in the Wireshark man page under the Files section like the rest of the files are (with the exception of the services file, which is also not documented). I suspect that this may be part of the reason why this file and feature was not known before.

Anyway, a huge thanks to Jim for pointing it out to the community, and to me personally!

(27 May '15, 07:18) cmaynard ♦♦
1

While the subnets file is documented in the User Guide, it is not documented in the Wireshark man page

Yeah, I noticed that too and just submitted a change for it: https://code.wireshark.org/review/8662

I also noticed the 'services' doc problem and will submit another change for it.

(27 May '15, 07:44) JeffMorriss ♦

Thanks Jeff!

(27 May '15, 07:50) cmaynard ♦♦

0

You need to enter hosts one-by-one in /etc/hosts.

answered 26 May '15, 06:18

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

... at least until Bug 7339 is resolved, should anyone ever care to implement it.

(26 May '15, 10:28) cmaynard ♦♦