First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How exactly does tshark -z hosts come up with the list?

How exactly does tshark -z hosts come up with the hosts list?

The man page says "Addresses are collected from a number of sources, including standard "hosts" files and captured traffic.".

I am curious to understand what the sources would be. I would assume DNS packets, maybe Windows Netbios or newer Windows protocols?

Thanks.

jtanski's avatar
3
jtanski
asked 2019-05-29 12:23:16 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Just DNS packets, from a quick look at the code; we don't use NBNS traffic to get NetBIOS names.

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-05-30 17:57:06 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you, makes sense.

jtanski's avatar jtanski (2019-05-30 18:18:13 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer