|
Check out these great references as well: |
| Our custom profiles repository for Wireshark |
| Our Udemy course on Wireshark |
| Our Udemy course on Wireless Packet capture |
A common question I get is how can I set up a custom local name resolution file for IP and MAC addresses in Wireshark. We discussed basic name resolution in this article.
To customize this name resolution process, we have to go a step further. The answer is it is pretty easy, but there is a big gotcha that stumps most people.
Here is a video on the process:
Follow this procedure:
Step 1: Open Wireshark and click Help> About Wireshark
Step 2: Click on the Folders Tab.
Step 3: Click on the hyperlink for Personal Configuration.
This will open the directory in your file navigator or Finder.
Step 4: In that directory, create a simple text file called “hosts”
Very important that this file does not have ANY extension!! If it has the .txt extension, this will not work.
Step 5: Add the relevant hosts for the file:
# This is Andy’s Quick Resolution File for Wireshark
# Lines with # are comments
#
192.168.1.1 DLink_Router
192.168.1.215 My_PC
…and so on…
Step 6: Back in Wireshark, open a capture or do a capture. Then select View> Name Resolution> select the Enable for Network layer resolution
All of the names are now visible in all the panes.
You can do the same thing with MAC Addresses. Follow a similar procedure creating a file called “ethers”.
I hope you use this process.
I hope you find this article and its content helpful. Comments are welcomed below. If you would like to see more articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!, and all comments are welcome!