This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello,

I have a packet capture from my LAN that contains a DNS query (wireless) and response (192.168.0.7).

When I copy it to another network and turn on name resolution it attempts to ask the DNS server for the host name of the IP (192.168.0.7) of the traffic... then gives up because the DNS server doesn't have it, but then notices that there is a DNS packet in the file already and uses the results of that. The HTTP session is then showing a destination of "wireless".

Turning off host name resolution shows only connections to 192.168.0.7.

How can I make Wireshark (or tshark) look at the DNS in the file and see if it resolves the IP addresses to hostnames but not have it issue queries to the DNS server of my machine which take a while to time out and slow the loading of files down?

Basically I want to do a filter on "ip.host == wireless" which the trace contains the DNS request and response to (and it works if I leave name resolution enabled even on a different network) but I want to cut out querying my DNS servers (which turning on name resolution does).

Thanks for your time, Matthew

asked 09 Nov '11, 15:06

matthew1471

edited 09 Nov '11, 15:07


The docs shed some light on it: there's a configuration file 'hosts' in the Wireshark folder where you can put all your names. And while the Wireshark name resolution section states that DNS responses are cached, I don't see any means to populate that cache from the capture file itself, which is weird.


answered 09 Nov '11, 16:40

ShomeaX

edited 09 Nov '11, 16:44

Network name resolution is now either switched on or off. There are no controls over where it gets its information from (DNS server, Hosts, seen names).


answered 09 Nov '11, 22:39

Jaap ♦

question asked: 09 Nov '11, 15:06

question was seen: 5,274 times

last updated: 09 Nov '11, 22:39