[Winpcap-users] How does WinCap resolve IP addresses?

Gianluca Varenni gianluca.varenni at cacetech.com
Sun Dec 20 12:36:35 PST 2009

Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you 
talking about winpcap or wireshark?

Have a nice day

From: "Richard Brooks" <richardbuk at sky.com>
Sent: Sunday, December 20, 2009 9:05 AM
To: <winpcap-users at winpcap.org>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?

> How does WinCap resolve IP addresses?
> I am writing an interface to Snort's MySQL database. The interface 
> currently
> uses nslookup to try and resolve ip addresses to their human friendly 
> names,
> but WinCap is doing a much better job than nslookup. For example using
> nslookup ip address '' resolves to 'gv-in-f208.1e100.net',
> however WinCap correctly resolves this ip address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.
> The Snort interface I am writing relies on addresses that look out of 
> place
> when resolved to their human friendly names. For example to help the user 
> of
> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
> machine rather than say 'www.amazon.com').
> What makes things even worst, is than many times nslookup returns the 
> likes
> of 'The requested name is valid, but no data of the requested type was
> found'.
> If anyone has any ideas on what WinCap is using to resolve ip addresses, 
> I'd
> be most grateful if they would let me in on it?
> Regards
> Richard
> <RichardBUK at Sky.com>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 

More information about the Winpcap-users mailing list