|
Check out these great references as well: |
| Â Our custom profiles repository for Wireshark |
|  Our Udemy course on Wireshark |
| Â Our Udemy course on Wireless Packet capture |
A common question I get is how can I set up a custom local name resolution file for IP and MAC addresses in Wireshark. We discussed basic name resolution in this article.
To customize this name resolution process, we have to go a step further. The answer is it is pretty easy, but there is a big gotcha that stumps most people.
Here is a video on the process:
Follow this procedure:
Step 1: Open Wireshark and click Help> About Wireshark
Step 2: Click on the Folders Tab.
Step 3: Click on the hyperlink for Personal Configuration.
This will open the directory in your file navigator or Finder.
Step 4: In that directory, create a simple text file called “hosts”
Very important that this file does not have ANY extension!! Â If it has the .txt extension, this will not work.
Step 5: Add the relevant hosts for the file:
# This is Andy’s Quick Resolution File for Wireshark
# Lines with # are comments
#
192.168.1.1 DLink_Router
192.168.1.215 My_PC
…and so on…
Step 6: Back in Wireshark, open a capture or do a capture. Â Then select View> Name Resolution> select the Enable for Network layer resolution
All of the names are now visible in all the panes.
You can do the same thing with MAC Addresses. Follow a similar procedure creating a file called “ethers”.
I hope you use this process.