Hi all,
I have to look at a lot of tcpdumps on a regular basis and am finding
that all of the IPs are merging into one and difficult to keep track
of when I'm looking at a trace.
Is there a way of arbitrarily labelling certain src / dst IPs,
e.g.
10.1.1.3 = PROXY
192.168.9.1 = WWW1
192.168.9.20 = WWW2
172.16.34.34 = CLIENT
Obviously I'd like to be able to do this within Wireshark itself but
if necessary I could pre-process the tcpdump files against a
match-list (maybe I'll write a script if there's nothing else out
there).
I cannot use DNS resolution as all of the dumps are from client sites
and generally use RFC1918 addressing so DNS lookup will not work (and
I would rather not create a new Zone file for each tcpdump I analyse).
I've tried using my /etc/hosts file but it doesn't seem to work (on
Win32 at least).
I would find this very, very useful.
Thanks in advance
SM
--
Simon Mullis
_________________
simon@xxxxxxxxxxxx
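
The pre-processing idea from the message above, as an added example that is not part of the original post: a Python filter that relabels addresses in tcpdump's numeric text output (as printed by `tcpdump -n -r <file>`) from an `IP = LABEL` match list. The function names and the sample capture lines are assumptions constructed for illustration; the match list is the one given in the post.

```python
import ipaddress
import re

# An IPv4 address, optionally followed by tcpdump's ".port" suffix
# (10.1.1.3.8080). The lookarounds stop 192.168.9.1 matching inside 192.168.9.10.
ADDR_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(\.\d{1,5})?(?!\d)")

# Match list in the "IP = LABEL" form used in the post.
MATCH_LIST = """\
10.1.1.3 = PROXY
192.168.9.1 = WWW1
192.168.9.20 = WWW2
172.16.34.34 = CLIENT
"""

def parse_match_list(text):
    """Parse 'IP = LABEL' lines into a dict; blank lines and # comments are skipped."""
    labels = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, sep, label = (part.strip() for part in line.partition("="))
        if not sep or not label:
            raise ValueError(f"line {lineno}: expected 'IP = LABEL'")
        # IPv4Address raises ValueError on a malformed address.
        labels[str(ipaddress.IPv4Address(addr))] = label
    return labels

def label_line(line, labels):
    """Replace each listed address in one line of tcpdump text, keeping any port."""
    def swap(match):
        label = labels.get(match.group(1))
        if label is None:
            return match.group(0)  # unlisted address: leave untouched
        return label + (match.group(2) or "")
    return ADDR_RE.sub(swap, line)

if __name__ == "__main__":
    # Constructed sample lines in tcpdump -n style, not from a real capture.
    sample = [
        "12:00:00.000001 IP 172.16.34.34.51234 > 10.1.1.3.8080: Flags [S], length 0",
        "12:00:00.000350 IP 10.1.1.3.40112 > 192.168.9.20.80: Flags [S], length 0",
        "12:00:00.000900 ARP, Request who-has 192.168.9.1 tell 192.168.9.10, length 28",
    ]
    labels = parse_match_list(MATCH_LIST)
    for line in sample:
        print(label_line(line, labels))
```
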