Wireshark-dev: Re: [Wireshark-dev] Wireshark hosts file location

From: Jasper Bongertz <jasper@xxxxxxxxxxxxxx>
Date: Thu, 21 Mar 2019 17:43:53 +0100
Title: Re: [Wireshark-dev] Wireshark hosts file location
Thanks, Chris, good point - I forgot the NRB as a source for name resolutions in my prio list. So it should be host > NRB > Answer records -> reverse lookup.

Thursday, March 21, 2019, 2:20:06 PM, you wrote:


See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11470
 
- Chris
 
From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jasper Bongertz
Sent: Thursday, March 21, 2019 6:38 AM
To: Roland Knall <rknall@xxxxxxxxx>; Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Wireshark hosts file location
 
Hi Roland,

When network name resolution is enabled, Wireshark tries to resolve names via hosts file, DNS reverse lookup and by using DNS answer records it found in the pcap. There might be more mechanisms, but these are the ones I am currently aware of.

I would expect it to work like this: there should be a priority of the lookup where the hosts file has the highest priority because that's the one a user can influence and override values she/he doesn't like, e.g. things like DNS resolutions found in the pcap. Second are the DNS answers found in the pcap, and finally an active reverse lookup (unless disabled in the preferences).

For the hosts file, there should be a prioritized list of where to look: current profile folder, Wireshark install folder (because some people put theirs there in the past, like me), and finally the system hosts file. That would allow creating different profiles with alternative hosts files a user can switch.

Cheers,
Jasper

No, currently Wireshark does not switch hosts files with the profiles (to be quite honest, I wasn't even aware that we support something like using non-system hosts files at all).

Currently I am in the middle of rewriting the profile system and can put this on the todo list. Could you describe the behavior a little bit?

kind regards
Roland

On Thu., 21 March 2019 at 10:17, Jasper Bongertz <jasper@xxxxxxxxxxxxxx> wrote:

Hi Graham,

I just saw this:
https://ask.wireshark.org/question/8014/hosts-file-manager/

My first impulse was "put the hosts in a profile directory and switch it via profiles", but when I tested that it didn't work (no names resolved). I'm not sure if the hosts file is even read when it's in a profile directory, or where exactly Wireshark expects a hosts file. Do you know if that's supposed to work?

Cheers,
Jasper
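
The lookup order proposed in this thread, sketched in Python as an added example (not part of the original messages and not Wireshark code): hosts file entries override names carried in the capture (pcapng Name Resolution Block, then DNS answer records), and an active reverse lookup is tried last and only when enabled. Assumptions: the function names are hypothetical, hosts files from the three locations are merged with the earlier location winning per address, and the reverse lookup is a stand-in callable so the example runs offline.

```python
# Added illustration of the lookup order proposed in this thread; not Wireshark code.
import ipaddress
import os
import tempfile

def parse_hosts(text):
    """Parse hosts-file text into {address: name}; comments and bad lines are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # canonical form (IPv6 too)
            table.setdefault(addr, fields[1])  # first name listed for an address wins
        except (ValueError, IndexError):  # not an address, or fewer than two fields
            continue
    return table

def load_hosts(paths):
    """Merge hosts files; assumption: a file earlier in `paths` wins per address."""
    merged = {}
    for path in paths:
        if os.path.isfile(path):  # missing locations are simply skipped
            with open(path, encoding="utf-8") as fh:
                for addr, name in parse_hosts(fh.read()).items():
                    merged.setdefault(addr, name)
    return merged

def resolve(addr, hosts, nrb, dns_answers, reverse_lookup=None):
    """Return (name, source) using hosts > NRB > DNS answer records > reverse lookup."""
    addr = str(ipaddress.ip_address(addr))
    for source, table in (("hosts", hosts), ("nrb", nrb), ("dns-answer", dns_answers)):
        if addr in table:
            return table[addr], source
    name = reverse_lookup(addr) if reverse_lookup else None  # None = lookup disabled
    return (name, "reverse-lookup") if name else (None, None)

def demo():
    """Constructed sample data: two hosts files plus names taken from a capture."""
    with tempfile.TemporaryDirectory() as tmp:
        profile, install, system = (os.path.join(tmp, n) for n in ("profile", "install", "system"))
        with open(profile, "w", encoding="utf-8") as fh:
            fh.write("10.0.0.5 lab-db  # analyst override\n")
        with open(system, "w", encoding="utf-8") as fh:
            fh.write("10.0.0.5 old-name\n10.0.0.9 printer\nnot-an-ip x\n")
        hosts = load_hosts([profile, install, system])  # install file does not exist
    nrb = {"10.0.0.7": "nrb-name"}
    dns = {"10.0.0.5": "cdn.example.net", "10.0.0.7": "dns-name", "10.0.0.8": "web.example.net"}
    ptr = {"10.0.0.10": "ptr.example.net"}.get  # stand-in for an active reverse lookup
    probes = ("10.0.0.5", "10.0.0.9", "10.0.0.7", "10.0.0.8", "10.0.0.10", "10.0.0.11")
    return [resolve(a, hosts, nrb, dns, ptr) for a in probes]
```

Calling `demo()` returns one `(name, source)` pair per probed address, so the source that supplied each name is visible next to the name itself.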

