I would like to manually save the host file info generated via version 2.0.5 so that I can reinstall when a new version of Wireshark becomes available. I used the Help and found the entry that indicated where the host file was supposed to be; however, it was not there. When I put an earlier version it was not used. BobMiers

asked 05 Sep '16, 04:35 bobmiers
One Answer:
Wireshark never writes to the hosts file, only reads from it. In my tests, using a build from master, the hosts file is successfully read from both the user and global locations. What OS are you using and what are the exact paths for the hosts file you are using?

answered 05 Sep '16, 05:24 grahamb ♦
Thanks for the quick response. I am using Win8.1 as the OS. What I have done in the past was put a hosts file in the USER/AppDat/roaming/wireshark folder. When I installed ver 2.0.5 it didn't seem to read from the file, even after a reboot.
I then noticed under the View>Name Resolution tab there was a selection that permitted me to name an IP address. I renamed a bunch of my local fixed addresses using that function. Even after rebooting and starting a new scan, the Name Resolutions that I had entered seemed to be retained. After, without any success, searching for a modified file that might contain the hosts type of info I posted the question.
After reading your message, I edited the USER/AppDat/roaming/wireshark/hosts file to change one of the entries to an ASDFGHJKUIO name and saved the file, and restarted Wireshark. This time it did read the file and I saw the ASDFGHJKUIO name appearing.
So it looks like I wasted your time.
Thanks a bunch. BobMiers
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.
As you may know, there are multiple options to set up name resolution. The ones you probably know are DNS information and the hosts file. But now manually entered name resolution is also saved, in the pcap-ng file, which has special extensions for that. So the changed file you were looking for is actually the capture file.