

Analyzing a large capture file can be a cumbersome task, and having a recognizable name instead of an IP address can make an investigation much clearer. There are deliberate reasons why you may have the external network name resolver option disabled, a few of which I will list. One is the conservation of system resources: name resolution requires additional processing overhead, which could slow down or crash Wireshark. Another reason is that DNS can generate unwanted packets that overshadow your capture file, as traffic is sent to DNS servers to resolve each address. This could make your analysis more challenging. The final reason, which is a big one, is that the file you are analyzing could contain malicious IP addresses. Attempting to externally resolve them could generate queries to attacker-controlled infrastructure that could tip off an attacker. As a result of these drawbacks, the option to use a custom hosts file for Wireshark was realized. You can manually label systems based on their IP addresses with a Wireshark hosts file. This is a cool feature which I will detail step by step below:

The file should contain one entry per line. Save the file as a plaintext file with the name hosts to the appropriate directory. Make sure you save the file without an extension. This step is important because if you have an extension it will not work!

Windows: \Application Data\Wireshark\hosts
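As an added example (not code from the original post), the snippet below builds a hosts file in the one-entry-per-line layout described above, enforces the no-extension rule when saving, and labels addresses in a tshark-style summary line purely from that file, so nothing is ever sent to an external resolver. The `LABELS` mapping and the sample lines are constructed for the example and use documentation address ranges.

```python
"""Offline IP labelling with a Wireshark-style hosts file (added example,
not from the original post). One entry per line: address, whitespace,
name; '#' starts a comment. render_hosts() builds the text, resolve_line()
labels a summary line from that table alone, so no external lookup happens."""
import ipaddress
import os
import re
LABELS = {                                   # constructed investigation labels
    "192.0.2.10": "victim-workstation",
    "192.0.2.1": "lab-gateway",
    "198.51.100.25": "suspected-c2",         # label locally, never resolve
    "2001:db8::5": "lab-dns",
}
# IPv4 dotted quad, or a token containing ':' (IPv6 candidate); ip_address() validates.
ADDR_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[0-9A-Fa-f:]*:[0-9A-Fa-f:]+\b")

def render_hosts(mapping):
    """Return hosts-file text, one '<ip> <name>' line per entry."""
    lines = ["# Wireshark hosts file - generated offline"]
    for ip, name in mapping.items():
        ipaddress.ip_address(ip)             # ValueError if the address is malformed
        lines.append(f"{ip} {name}")
    return "\n".join(lines) + "\n"

def write_hosts(mapping, path):
    """Save under the exact name 'hosts': a file with an extension is not used."""
    if os.path.basename(path) != "hosts":
        raise ValueError("file must be named 'hosts' with no extension")
    with open(path, "w", encoding="ascii") as fh:
        fh.write(render_hosts(mapping))

def parse_hosts(text):
    """Parse hosts-file text into {ip: name}; comments and junk lines skipped."""
    table = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        try:                                 # junk: blank, one field, bad address
            ip = str(ipaddress.ip_address(parts[0]))
            table.setdefault(ip, parts[1])   # canonical key, first name wins
        except (IndexError, ValueError):
            continue
    return table

def resolve_line(line, table):
    """Replace every address present in `table` with its label."""
    def swap(m):
        try:
            return table.get(str(ipaddress.ip_address(m.group(0))), m.group(0))
        except ValueError:                   # near-miss such as ':443' or a time
            return m.group(0)
    return ADDR_RE.sub(swap, line)
```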
