
How does Wireshark resolve addresses

So I'm a MacBook user and have Wireshark Version 2.41 installed. Under the Statistics options, Wireshark keeps records of all the resolved addresses (IPv4 and IPv6 to host names/website URLs).

Could someone from the Wireshark team please explain to me how this is being done? I'm super curious about the whole process, since each IP address can host multiple domains. For example, Amazon AWS can host multiple websites on the same IP address. How does Wireshark know exactly which host name/website is being accessed through the IP address at that exact moment?

Thanks in advance.

swagluke
asked 2018-01-05 20:56:58 +0000, updated 2018-01-05 20:59:39 +0000

Comments

Wireshark version 2.4.1 is a very old and obsolete version. If at all possible please upgrade to the current version.

grahamb (2022-11-04 12:44:14 +0000)

1 Answer


Hey. As far as I know, there are various ways Wireshark does its name resolution for network layer addresses. Have a look at Preferences -> Name Resolution.

That is:

  1. "use captured DNS packet data for name resolution": here, if you have been using a single service from AWS (for example) which is hosted on an IP address, this binding will be displayed, since Wireshark has seen your DNS request for the actual service hostname and its corresponding IP addresses.
  2. use your system's DNS settings for name resolution: here, reverse DNS lookups (PTR records) for the IP addresses in question are made to your recursive DNS server. With this option being set, you're absolutely correct that you won't get the name of the concrete service for AWS, but a generic name from Amazon, since such cloud providers do not set their PTR records to the name of each service (which would be hundreds!), but to something generic.

Hope that helps? Cheers, Johannes

webernetz
answered 2022-11-03 11:38:09 +0000
updated by grahamb 2022-11-04 12:43:11 +0000

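As an added example that is not part of the original question or answer (and not Wireshark's own code), the Python below rebuilds the kind of IP-to-name table that option 1 derives from captured DNS responses, and shows the PTR case from option 2. Every DNS message, name and address in it is constructed inline from documentation ranges (RFC 5737, RFC 3849, RFC 2606); how a name is attributed to an address when a CNAME chain or a shared IP is involved is this example's own choice, not a statement of Wireshark's exact policy.

```python
# Added example, not Wireshark's own code. All DNS messages below are
# constructed inline with RFC 5737 / RFC 3849 / RFC 2606 documentation values.
import struct
import ipaddress
from collections import defaultdict

TYPE_A, TYPE_CNAME, TYPE_PTR, TYPE_AAAA = 1, 5, 12, 28
CLASS_IN = 1


def encode_name(name):
    """Dotted name -> DNS label sequence (uncompressed)."""
    labels = [bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    return b"".join(labels) + b"\x00"


def build_response(qname, qtype, answers, txid=0x1234):
    """Minimal DNS response: one question plus (owner, type, rdata) answer RRs."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)  # QR=1, RD, RA, NOERROR
    msg += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    for owner, rtype, rdata in answers:
        if rtype == TYPE_A:
            rd = ipaddress.IPv4Address(rdata).packed
        elif rtype == TYPE_AAAA:
            rd = ipaddress.IPv6Address(rdata).packed
        else:  # CNAME and PTR rdata are names
            rd = encode_name(rdata)
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, CLASS_IN, 300, len(rd)) + rd
    return msg


def read_name(msg, off):
    """Decode a (possibly compressed) name at off; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # RFC 1035 4.1.4 compression pointer
            if end is None:
                end = off + 2  # the first pointer ends the name in the wire stream
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return (owner, type, rdata) for every answer RR in a DNS response."""
    flags, qd, an = struct.unpack("!HHH", msg[2:8])
    if not flags & 0x8000:
        return []  # a query carries no bindings
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    rrs = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            rdata = str(ipaddress.IPv4Address(msg[off:off + 4]))
        elif rtype == TYPE_AAAA and rdlen == 16:
            rdata = str(ipaddress.IPv6Address(msg[off:off + 16]))
        elif rtype in (TYPE_CNAME, TYPE_PTR):
            rdata = read_name(msg, off)[0]
        else:
            rdata = msg[off:off + rdlen]
        rrs.append((owner, rtype, rdata))
        off += rdlen
    return rrs


def build_resolution_table(packets):
    """IP -> set of owner names of the A/AAAA records that returned it (option 1)."""
    table = defaultdict(set)
    for pkt in packets:
        for owner, rtype, rdata in parse_response(pkt):
            if rtype in (TYPE_A, TYPE_AAAA):
                table[rdata].add(owner)
    return dict(table)


def reverse_names(pkt):
    """Names from the PTR answers of a reverse-lookup response (option 2)."""
    return [rdata for _, rtype, rdata in parse_response(pkt) if rtype == TYPE_PTR]


# Constructed capture: two unrelated sites share 203.0.113.10, one of them via a CNAME.
CAPTURE = [
    build_response("www.example.com", TYPE_A, [
        ("www.example.com", TYPE_CNAME, "edge.example-cdn.net"),
        ("edge.example-cdn.net", TYPE_A, "203.0.113.10"),
    ]),
    build_response("shop.example.net", TYPE_A, [("shop.example.net", TYPE_A, "203.0.113.10")]),
    build_response("www.example.org", TYPE_AAAA, [("www.example.org", TYPE_AAAA, "2001:db8::1")]),
]
# Constructed reverse lookup: the provider's PTR record is a generic per-address name.
PTR_RESPONSE = build_response("10.113.0.203.in-addr.arpa", TYPE_PTR,
                              [("10.113.0.203.in-addr.arpa", TYPE_PTR, "host-203-0-113-10.example-cloud.net")])

if __name__ == "__main__":
    for ip, names in sorted(build_resolution_table(CAPTURE).items()):
        print(ip, "->", sorted(names))
    print("PTR ->", reverse_names(PTR_RESPONSE))
```

Run it and 203.0.113.10 comes back with two names, which is exactly the situation in the question: from DNS data alone nothing says which of the two sites a later connection to that address belongs to, and the PTR path only yields the provider's generic name. The per-connection answer lives elsewhere in the same capture, in the TLS Client Hello's server_name (SNI) extension or a plaintext HTTP Host header, not in the resolved-addresses table.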
