User Guide

7.6.3. IP name resolution (network layer)
Try to resolve an IP address (e.g. 216.239.37.99) to something more "human readable".
DNS/ADNS name resolution (system/library service): Wireshark will ask the operating system (or the ADNS library) to convert an IP address to the hostname associated with it (e.g. 216.239.37.99 -> www.1.google.com). The DNS service uses synchronous calls to the DNS server, so Wireshark will stop responding until a response to a DNS request is returned. If possible, consider using the ADNS library, which won't wait for a network response.
Warning!
Enabling network name resolution when your name server is unavailable may significantly slow down Wireshark while it waits for all of the name server requests to time out. Use ADNS in that case.
DNS vs. ADNS: here's a short comparison. Both mechanisms are used to convert an IP address to some human-readable (domain) name. The usual DNS call gethostname() will try to convert the address to a name. To do this, it will first check the system's hosts file (e.g. /etc/hosts) for a matching entry. If that fails, it will ask the configured DNS server(s) about the name.
So the real difference between DNS and ADNS shows up when the system has to wait for the DNS server to answer a name resolution request. The system call gethostname() will wait until a name is resolved or an error occurs. If the DNS server is unavailable, this might take quite a while (several seconds).
The ADNS service works a bit differently. It will also ask the DNS server, but it won't wait for the answer; it returns to Wireshark in a very short amount of time. The current (and the following) address fields won't show the resolved name until the ADNS call has returned. As mentioned above, the values get cached, so you can use View/Reload to "update" these fields to show the resolved values.
hosts name resolution (hosts file): If DNS name resolution failed, Wireshark will try to convert an IP address to the hostname associated with it, using a hosts file provided by the user (e.g. 216.239.37.99 -> www.google.com).
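The behaviour described above (return immediately with the raw address, cache the answer, show the name after a reload, fall back to hosts entries when DNS fails) can be sketched as follows. This is an added example, not Wireshark's code and not the ADNS library: it uses a Python thread pool instead, its default lookup is the blocking socket.gethostbyaddr(), and AsyncNameResolver, demo(), slow_dns, 192.0.2.10 and lab-host.example are hypothetical or constructed.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

class AsyncNameResolver:
    """Hypothetical helper: display() never waits for the name server."""
    def __init__(self, lookup=None, hosts=None):
        self._lookup = lookup or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._hosts = hosts or {}          # address -> name, as read from a hosts file
        self._pool = ThreadPoolExecutor(max_workers=4)
        self._pending, self._cache = {}, {}

    def _resolve(self, ip):
        try:
            return self._lookup(ip)
        except OSError:                    # DNS failed: fall back to the hosts entries
            return self._hosts.get(ip)

    def display(self, ip):
        """Return at once: the cached name if known, otherwise the raw address."""
        if ip not in self._cache:
            fut = self._pending.get(ip)
            if fut is None:                # first sighting: look up in the background
                self._pending[ip] = self._pool.submit(self._resolve, ip)
            elif fut.done():               # answer arrived since the previous call
                self._cache[ip] = self._pending.pop(ip).result()
        return self._cache.get(ip) or ip

    def wait(self):
        """Block until every outstanding lookup is cached (demo/test helper)."""
        while self._pending:
            ip, fut = self._pending.popitem()
            self._cache[ip] = fut.result()

def demo():
    """Constructed offline run: slow stand-in name server plus one hosts entry."""
    def slow_dns(ip):
        time.sleep(0.2)                    # simulated server latency
        if ip == "216.239.37.99":
            return "www.1.google.com"
        raise OSError("no answer")         # triggers the hosts fallback
    resolver = AsyncNameResolver(slow_dns, {"192.0.2.10": "lab-host.example"})
    ips = ["216.239.37.99", "192.0.2.10"]
    first = [resolver.display(ip) for ip in ips]    # raw addresses, no waiting
    resolver.wait()
    return first, [resolver.display(ip) for ip in ips]  # after a reload

if __name__ == "__main__":
    print(demo())
```

An address that resolves nowhere is cached as unresolved, so it keeps displaying as the raw address and is not looked up again.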
7.6.4. IPX name resolution (network layer)
ipxnet name resolution (ipxnets file): XXX - add ipxnets name resolution explanation.
7.6.5. TCP/UDP port name resolution (transport layer)
Try to resolve a TCP/UDP port (e.g. 80) to something more "human readable".
TCP/UDP port conversion (system service): Wireshark will ask the operating system to convert a TCP or UDP port to its well-known name (e.g. 80 -> http).
XXX - mention the role of the /etc/services file (but don't forget the files and folders section)!
Advanced Topics