Saturday, November 23, 2024
Google search engine
HomeData Modelling & AIName Resolution in Wireshark

Name Resolution in Wireshark

The Wireshark is the Network analyzer tool where you can check the traffic, and you can get to know what the packets are transferring from your WAN to LAN. This is a great tool to dissect the traffic, and you can analyze it further. HTTP traffic is not encrypted, so you can see the actual username and password. But in case of the encrypted traffic i.e, SSL/TLS traffic, every packet you see is Gibberish, you cannot read the content and that is because of SSL/TLS handshake where the certificate is exchanged and the client and server exchange their Encrypted cipher suites, and they agree upon to use the algorithm and for the session, the same algorithm would be used further.

In a NUTSHELL, Wireshark works on the dissector and that too will work when you install the Wireshark and the installation suites asked to install the NCAP Drivers so that the network card integrates with the Wireshark mechanism and the software is ready to dissect and map the traffic between your LAN TO WAN.

Wireshark could be useful in so many ways such as checking the number of conversations that each system is doing. When we say about the Name Resolution, it is basically the same as the DNS where every IP converts into some naming conventions. Now, this process comes into the picture whenever you get so much traffic, and you wanted to figure out by which system the server is communicating the most by checking the bytes size and the number of packets transmitted you can filter out the sessions. By default, Wireshark does not make the feature available.

Below are the steps that you need to follow to enable the Name resolution.

Step 1: Open the Wireshark On macOS:

Wireshark → Preference:

Wireshark On macOS

 

Step 2: Go to Preferences →Name Resolution.

named resolution on Wireshark

 

Step 3: Enable ‘Resolve Transport Name’ and ‘Resolve Network (IP) addresses

named resolution on Wireshark

 

Step 4: To confirm if it is working or not you can start the Packet Capture (PCAP) go to Statistics.

Statistics  → Conversations

Statistics menu in Wireshark

 

Step 5: Once you capture the traffic you would be able to see the ‘Name Resolution’ option in the Conversations window. If the above settings not working then, ‘Name Resolution’ would be Greyed out.

Wireshark Named Resolution

 

Step 6: You will be able to see the Name resolution of every packet that is being captured.

Whether you’re preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, lazyroar Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we’ve already empowered, and we’re here to do the same for you. Don’t miss out – check it out now!

RELATED ARTICLES

Most Popular

Recent Comments