[Winpcap-users] How does WinCap resolve IP addresses?

Gianluca Varenni gianluca.varenni at cacetech.com
Sun Dec 20 12:36:35 PST 2009


Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you 
talking about winpcap or wireshark?


Have a nice day
GV

--------------------------------------------------
From: "Richard Brooks" <richardbuk at sky.com>
Sent: Sunday, December 20, 2009 9:05 AM
To: <winpcap-users at winpcap.org>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?

> How does WinCap resolve IP addresses?
>
> I am writing an interface to Snort's MySQL database. The interface currently
> uses nslookup to try and resolve ip addresses to their human friendly names,
> but WinCap is doing a much better job than nslookup. For example using
> nslookup ip address '216.239.59.208' resolves to 'gv-in-f208.1e100.net',
> however WinCap correctly resolves this ip address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.
>
> The Snort interface I am writing relies on addresses that look out of place
> when resolved to their human friendly names. For example to help the user of
> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
> machine rather than say 'www.amazon.com').
>
> What makes things even worse is that many times nslookup returns the likes
> of 'The requested name is valid, but no data of the requested type was
> found'.
>
> If anyone has any ideas on what WinCap is using to resolve ip addresses, I'd
> be most grateful if they would let me in on it?
>
> Regards
> Richard
> <RichardBUK at Sky.com>