7.9. Name Resolution

Wireshark 2.1

7.9.1. Name Resolution drawbacks

  • Name resolution will often fail. The name to be resolved might simply be unknown to the name servers queried, or the servers might be unavailable and the name is also not found in Wireshark’s configuration files.
  • The resolved names are not stored in the capture file or anywhere else. So the resolved names might not be available if you open the capture file later or on a different machine. Each time you open a capture file it may look “slightly different” simply because you can’t connect to the name server (which you could connect to before).
  • DNS may add additional packets to your capture file. You may see packets to/from your machine in your capture file that are caused by the name resolution network services of the machine Wireshark captures from.
  • Resolved DNS names are cached by Wireshark. This is required for acceptable performance. However, once a name is cached, Wireshark won’t notice if the name resolution information changes while it is running, e.g. when a new DHCP lease takes effect.

7.9.2. Ethernet name resolution (MAC layer)

7.9.3. IP name resolution (network layer)

7.9.4. TCP/UDP port name resolution (transport layer)

7.9.5. VLAN ID resolution