[Winpcap-users] How does WinCap resolve IP addresses?

Richard Brooks richardbuk at sky.com
Mon Dec 21 09:49:53 PST 2009


Hello Gianluca

Not sure which is doing the DNS lookup. It may well be Wireshark.

However, looking at the traces, it looks like there is some kind of web
service interaction going on that provides better name resolution than
nslookup.

Any ideas?

Regards
Richard
<RichardBUK at Sky.com>
 
 

-----Original Message-----
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca Varenni
Sent: 20 December 2009 20:37
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] How does WinCap resolve IP addresses?

Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you
talking about WinPcap or Wireshark?


Have a nice day
GV

--------------------------------------------------
From: "Richard Brooks" <richardbuk at sky.com>
Sent: Sunday, December 20, 2009 9:05 AM
To: <winpcap-users at winpcap.org>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?

> How does WinCap resolve IP addresses?
>
> I am writing an interface to Snort's MySQL database. The interface currently
> uses nslookup to try and resolve IP addresses to their human friendly names,
> but WinCap is doing a much better job than nslookup. For example, using
> nslookup, IP address '216.239.59.208' resolves to 'gv-in-f208.1e100.net',
> however WinCap correctly resolves this IP address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.
>
> The Snort interface I am writing relies on addresses that look out of place
> when resolved to their human friendly names. For example to help the user of
> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
> machine rather than say 'www.amazon.com').
>
> What makes things even worse is that many times nslookup returns the likes
> of 'The requested name is valid, but no data of the requested type was
> found'.
>
> If anyone has any ideas on what WinCap is using to resolve IP addresses, I'd
> be most grateful if they would let me in on it?
>
> Regards
> Richard
> <RichardBUK at Sky.com>
>
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 
