Using Wireshark Name Resolution to Make Packet Analysis Easier

Digging through packet traces can be mind-numbing. It can be difficult for our brains to deal with so many IP addresses flying by at line-speed, or even when doing post-capture analysis.

For this reason it is a good practice to learn to use the Name Resolution feature of Wireshark. As we will see in this video, Wireshark is able to use DNS (and other naming protocols) traffic from within the pcap itself to name IP and IPv6 hosts. Where a DNS resolution is not available for a given station, we can configure Wireshark to go get it from a DNS server.

In this hands-on tutorial, you can download the sample packet capture and follow along as you learn how to configure and utilize the Name Resolution feature of Wireshark.

Enjoy!

To contact Chris with any comments or requests, please reach out here.