This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark host file trouble with Windows 7

0

I tried to create a simple host file in Wireshark using Windows 7 64-bit Ultimate edition and in captures, I see a lot of DNS request error packets stating no such name exists. I know with the virtual folders in Windows, i had to go to I assumed C:\%username%\AppData\roaming\wireshark to create the text document named "hosts" in notepad. Is this the correct path or anyone else experience similar results?

asked 18 Jan '12, 19:12

Andy%20Pessia's gravatar image

Andy Pessia
1111
accept rate: 0%

edited 19 Jan '12, 00:13

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

0

I just tested with a "hosts" file in my [...]\AppData\Roaming\Wireshark folder, and it worked fine, so I'd say you have the correct path. I have tons of DNS reverse pointer lookups as soon as I enable Network Name Resolution, but that is normal and often doesn't find a result for internal IPs. The names from the hosts file are working every time though.

answered 19 Jan '12, 04:18

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks for the fast reply! I tried it again to that same directory path and it still is not working for my ip address on the system I am capturing traffic with. I see all the host names for all my other nodes on my network, i.e. iphone, ipad, mac-mini but it will not resolve for my own machine. I wonder would it have anything to do with using an ALFA wireless USB antenna instead of the on board wireless NIC? I should try that to see if it makes a difference. Following the logic I wouldn't think it would matter. I even tried my (internal) %ipv6, ipv4% LABCOMP..still will not reslove.

(19 Jan '12, 16:36) Andy Pessia

Should I try adding to the Windows host file instead?

(19 Jan '12, 16:37) Andy Pessia

You can try that, or putting the hosts file into the Wireshark program directory, but you'll need to have administrative rights to do that. It'll be interesting to see if it works in those directories. Keep in mind to close and reopen Wireshark each time you change something.

(20 Jan '12, 14:31) Jasper ♦♦