This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I save manual address resolutions?

0

Is there any way to SAVE manually resolved addresses to LOAD them next time Wireshark runs?

asked 22 Feb '12, 09:21

contradictor_'s gravatar image

contradictor_
1224
accept rate: 0%

edited 23 Feb '12, 17:18

multipleinterfaces's gravatar image

multipleinte...
1.3k152340


2 Answers:

2

You can create a hosts file and put it in the Wireshark configuration directory. This file follows the same format as the standard Windows or UNIX hosts file. Wireshark will read this file at startup and will use it as long as network name resolution is enabled.

Note that Wireshark will only read this file at startup, so if you make changes while Wireshark is running, you will need to shut down Wireshark and restart for the changes to take effect.

See Preferences/Name Resolution on the Wireshark Wiki.

answered 23 Feb '12, 10:57

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

edited 23 Feb '12, 11:23

multipleinterfaces's gravatar image

multipleinte...
1.3k152340

0

With the development version using pcap-ng file format - yes.

answered 22 Feb '12, 11:42

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Anders, how to tell wireshark that, for example, 8.8.8.8 is "foo" and 4.2.2.2 is "bar" (manually resolve), when starting a new capture?

(23 Feb '12, 01:37) contradictor_

That's a separate question - see (this question)[http://ask.wireshark.org/questions/3832/how-can-i-manually-resolve-ip-addresses], and the other answer to your question, for the only current answer.

At some point it might be useful to have a UI from within Wireshark to manually add name resolution values, but no such UI currently exists.

(23 Feb '12, 21:10) Guy Harris ♦♦

Actually if you right-click on an IP address (or, it seems a frame) in the packet-list pane then there is a "Manually resolve address" option where you can enter a IP<->hostname translation. It does NOT appear to work if you right click in the packet-details pane (e.g., on an IP address).

(24 Feb '12, 06:35) JeffMorriss ♦