I would like to enable network name resolution but only allow Wireshark to use its hosts file in %WIRESHARK%\hosts, or %APPDATA%\Wireshark\hostsdisable. It appears that when I enable network name resolution in preferences, it enables name resolution using DNS, the Windows hosts file, and the Wireshark hosts file. I often analyze very large captures from a private network while I'm attached to my corporate network. I do have a large Wireshark hosts file, but there are many addresses for which I do not have an entry. Wireshark resorts to DNS to attempt to resolve these names, and it takes a very long time since many are not reachable and result in a timeout before proceeding. Does anyone know if there is a way to disable DNS network name resolution while at the same time allowing network name resolution using the Wireshark hosts file? Thanks for any help!!
asked 14 Sep '10, 22:11 Saninim
edited 10 Jul '12, 18:35 Guy Harris ♦♦
One Answer:
What you want isn't possible, currently, but shouldn't be required. If you check "Enable concurrent DNS name resolution" in the name resolution preferences, the DNS name resolving takes place without blocking further operation.
answered 15 Sep '10, 00:07 Jaap ♦
According to http://c-ares.haxx.se/ares_init.html we can force the use of the local hosts file using ARES_OPT_LOOKUPS. Unfortunately there doesn't seem to be a way to get there. The code that parses the RES_OPTIONS environment variable doesn't provide an option for this, and we don't provide a way to set the flags within Wireshark. This should probably be a wishlist item in Bugzilla.
I added it to the wishlist.
I added a Bug report :-) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7380
For the record, the bug is pretty much implemented (although the bug is still open). I also moved the WishList item to the Done section.
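The question describes DNS timeouts for capture addresses that have no entry in the Wireshark hosts file. The following added example (not code from Wireshark or from any poster in this thread) parses a hosts file in the /etc/hosts layout Wireshark uses, lists the capture addresses it does not cover, and builds placeholder entries for them; the sample data, function names and the "unknown-" naming scheme are constructed for illustration.

```python
import ipaddress

# Constructed sample in Wireshark hosts-file format (same layout as /etc/hosts).
SAMPLE_HOSTS = """\
# private lab network
10.1.1.10   plc-01 plc-01.lab.example
10.1.1.11   hmi-01   # operator console
fd00::10    historian
not-an-ip   broken-line
"""

# Constructed list of addresses seen in a capture (duplicates and mixed case on purpose).
SAMPLE_ADDRESSES = ["10.1.1.10", "10.1.1.12", "FD00:0:0:0:0:0:0:10",
                    "10.1.1.12", "10.1.1.11", "192.0.2.7"]


def parse_hosts(text):
    """Return {ip_address_object: first_name} for every valid hosts line."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        table.setdefault(addr, fields[1])  # first entry for an address wins
    return table


def unresolved(addresses, table):
    """Return the sorted, de-duplicated addresses that have no hosts entry."""
    missing = {ipaddress.ip_address(a) for a in addresses} - set(table)
    # IPv4 and IPv6 objects do not compare with each other, so sort by version first.
    return [str(a) for a in sorted(missing, key=lambda a: (a.version, int(a)))]


def stub_entries(addresses, table, prefix="unknown"):
    """Build hosts-file lines that give each missing address a placeholder name."""
    return ["{}\t{}-{}".format(a, prefix, a.replace(".", "-").replace(":", "-"))
            for a in unresolved(addresses, table)]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("\n".join(stub_entries(SAMPLE_ADDRESSES, hosts)))
```

Comparing parsed address objects rather than strings is what lets the differently written IPv6 address match its hosts entry.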