Wireshark name resolution
As I mentioned in a previous post, if you’re troubleshooting an issue using wireshark, especially if you’re using IPv6, it can be a headache to keep track of which IP is which in a complex network. Imagine trying to write down or memorize the following IP addresses in the packet capture:
Wireshark can real the local hosts file (/etc/hosts or C:\windows\system32\drivers\etc\hosts) but using this to give arbitrary mappings between IPs and hostname is not a good idea since it may mess up your day-to-day connectivity
Instead, it’s a better idea to create a hosts file in C:\Program Files\Wireshark. Just create a file named “hosts” (no extension) and using the normal syntax add the IP to host mappings. For example:
Turn on network name resolution in wireshark via the edit > preferences > Name Resolution menu and enable the “enable network name resolution” option. Close and restart wireshark.
You should now have a much easier to read pcap: