edit resolved names

I'm using Wireshark on Windows and I can edit a resolved name by right-clicking on an IP address, but I can't figure out how to edit or remove the name.

When I go to Statistics -> resolve names I see the host file entries, but can't find that file.
I checked in my personal and global configuration files as well as the system folder.

thetechfirm
asked 2018-11-28 16:07:12 +0000

1 Answer

I think this feature needs work.

Currently, the only way I know to remove the name is to close the file without saving it. If you've already saved the changes to a .pcapng file, then a Name Resolution Block is added to the .pcapng file containing the address and resolved name information, so you can either re-save the .pcapng file as a .pcap file to remove the information (but you will lose all other .pcapng information too), or use a binary editor or possibly other tools to remove the entire block.

You can view the Name Resolution Block if you load the .pcapng file in Wireshark using "View -> Reload as File Format/Capture".

It's too bad that you can't clear the resolved name directly from Wireshark. When you attempt to do so by right-clicking the name in the packet details pane to choose "Edit Resolved Name", you are not allowed to clear the name since the OK button is not active. Also, there does appear a "Name Resolution Preferences..." button; however, if you click on that, it actually just brings up the "Filter Buttons" preferences.

I'd recommend opening up Wireshark bugs for these behaviors:

  • Allow manually resolved names to be cleared from Wireshark.
  • The "Name Resolution Preferences..." button should bring up the relevant "Name Resolution" preferences dialog and should include a list of manually added resolved names that can be edited/cleared.
  • If manually resolved names are added and the capture file is saved, the names will only be saved if the capture file is saved in a format that supports saving them. This is currently not made obvious to the user and so saving the file as a .pcap file results in a loss of information that the user may not be aware of.
cmaynard
answered 2018-11-28 17:09:57 +0000
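
The block-removal route mentioned in the answer, as an added example that is not part of the original post or Wireshark's own code: it walks the pcapng block layout (type, total length, body, repeated total length), drops every Name Resolution Block (type 0x00000004), and marks each section's Section Length as unspecified so the header stays consistent. The function names and the sample capture are constructed for illustration.

```python
import struct

SHB_TYPE_BYTES = b"\x0a\x0d\x0d\x0a"  # Section Header Block type (byte palindrome)
NRB_TYPE = 0x00000004                 # Name Resolution Block type
BYTE_ORDER_MAGIC = 0x1A2B3C4D

def strip_name_resolution_blocks(data: bytes) -> tuple:
    """Return (pcapng bytes with every NRB dropped, number of NRBs dropped)."""
    if data[:4] != SHB_TYPE_BYTES:
        raise ValueError("not a pcapng file: no Section Header Block at offset 0")
    out, removed, offset, endian = bytearray(), 0, 0, "<"
    while offset < len(data):
        if len(data) - offset < 12:
            raise ValueError(f"truncated block header at offset {offset}")
        is_shb = data[offset:offset + 4] == SHB_TYPE_BYTES
        if is_shb:  # each section announces its own byte order
            magic = data[offset + 8:offset + 12]
            endian = {struct.pack("<I", BYTE_ORDER_MAGIC): "<",
                      struct.pack(">I", BYTE_ORDER_MAGIC): ">"}.get(magic)
            if endian is None:
                raise ValueError(f"bad byte-order magic at offset {offset}")
        block_type, total_len = struct.unpack_from(endian + "II", data, offset)
        end = offset + total_len
        if total_len < (28 if is_shb else 12) or total_len % 4 or end > len(data):
            raise ValueError(f"bad block length {total_len} at offset {offset}")
        if struct.unpack_from(endian + "I", data, end - 4)[0] != total_len:
            raise ValueError(f"length trailer mismatch at offset {offset}")
        block = bytearray(data[offset:end])
        if is_shb:
            # Dropping blocks invalidates Section Length; all ones means "not specified".
            block[16:24] = b"\xff" * 8
        if block_type == NRB_TYPE:
            removed += 1
        else:
            out += block
        offset = end
    return bytes(out), removed

def _block(block_type: int, body: bytes) -> bytes:
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)

def build_sample() -> bytes:
    """Constructed little-endian capture: SHB, IDB, one NRB (192.0.2.10 -> lab-host)."""
    shb = _block(0x0A0D0D0A, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, 56))
    idb = _block(0x00000001, struct.pack("<HHI", 1, 0, 0))
    rec = struct.pack("<HH", 1, 13) + bytes([192, 0, 2, 10]) + b"lab-host\x00" + b"\x00" * 3
    return shb + idb + _block(NRB_TYPE, rec + struct.pack("<HH", 0, 0))
```

Loading the output with "View -> Reload as File Format/Capture", as the answer describes, shows whether any Name Resolution Block remains.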

Comments

Thanks for the information. I guess I will stop suggesting the "Edit Resolved Name" option until it gets easier.

thetechfirm (2018-11-28 17:21:50 +0000)

Checked, and it looks like a similar bug has been opened already: Wireshark Bug Database – Bug 11221

thetechfirm (2018-11-28 17:29:38 +0000)