[Winpcap-users] How does WinCap resolve IP addresses?
gianluca.varenni at cacetech.com
Sun Dec 20 12:36:35 PST 2009
Uhm, WinPcap doesn't perform any reverse resolution (IP-->hostname). Are you
talking about winpcap or wireshark?
Have a nice day
From: "Richard Brooks" <richardbuk at sky.com>
Sent: Sunday, December 20, 2009 9:05 AM
To: <winpcap-users at winpcap.org>
Subject: [Winpcap-users] How does WinCap resolve IP addresses?
> How does WinCap resolve IP addresses?
> I am writing an interface to Snort's MySQL database. The interface
> uses nslookup to try and resolve ip addresses to their human friendly
> but WinCap is doing a much better job than nslookup. For example using
> nslookup ip address '220.127.116.11' resolves to 'gv-in-f208.1e100.net',
> however WinCap correctly resolves this ip address to the much more
> meaningful 'bskyb-pop3-ssl.l.google.com', which is much more descriptive
> than the previous effort.
> The Snort interface I am writing relies on addresses that look out of
> when resolved to their human friendly names. For example to help the user
> the interface spot addresses that are non-commercial (i.e. a hacker/zombie
> machine rather than say 'www.amazon.com').
> What makes things even worse is that many times nslookup returns the
> of 'The requested name is valid, but no data of the requested type was
> If anyone has any ideas on what WinCap is using to resolve ip addresses,
> be most grateful if they would let me in on it?
> <RichardBUK at Sky.com>