Wireshark · Wireshark-dev: Re: [Wireshark-dev] Filtering Question

Wireshark-dev: Re: [Wireshark-dev] Filtering Question

From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>

Date: Wed, 8 Feb 2012 15:58:07 +0000 (UTC)

Jonathan S. Weissman <jsw52@...> writes:

> What's the difference between ip.src and ip.src_host (and ip.dst and
ip.dst_host and ip.addr vs ip.host)?
> 
> They return the same results, so what exactly does the "type" do?

If you enable network name resolution and the IP address resolves to a host
name, you will more easily see the difference.  But even without resolving to a
host name, the difference is illustrated below:

Without network name resolution enabled:
ip.src == 67.228.110.120
ip.src_host == "67.228.110.120"

With network name resolution enabled:
ip.src == 67.228.110.120
ip.src_host == "www.wireshark.org"

The format expected for the first is an IP address and the format expected for
the second is a character string.

- Chris

References:
- [Wireshark-dev] Filtering Question
  - From: Jonathan S. Weissman

Prev by Date: Re: [Wireshark-dev] Merging capture files of different link layer type
Next by Date: [Wireshark-dev] Adding name resolution blocks in Wireshark
Previous by thread: [Wireshark-dev] Filtering Question
Next by thread: [Wireshark-dev] Updating fuzz-menagerie?
Index(es):
- Date
- Thread