Wireshark-bugs: [Wireshark-bugs] [Bug 11567] New: Resolve hostname from DNS/Packet and or TLS Ce
Date: Sat, 03 Oct 2015 13:35:02 +0000
Bug ID 11567
Summary Resolve hostname from DNS/Packet and or TLS Certificate
Product Wireshark
Version unspecified
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter blue-t@web.de

Build Information:
Version 1.12.7 (v1.12.7-0-g7fc8978 from master-1.12)
--
If an application uses a Content-Delivery Network to fetch data like for
example the Blizzard Battle.net , G-datas Antivirus or even Microsofts Windows
Update, you end up with weird hostnames in your wireshark trace.

I think "edgecast.blizzard.com" would be more helpfull to the user than what
the "resolve hostnames" option does by default.

Currently you get gp1.wpc.v1cdn.net 

In this example you could get it from the get request.

"GET /tpr/hs/data/15/f7/15f7c032fe3ceb9331912723379924a5 HTTP/1.1
Host: edgecast.blizzard.com"

or blzddist1-a.akamaihd.net instead of a1219.d.akamai.net from

GET /tpr/hs/data/59/a4/59a40ea8c53d0172777be5b5c892aa0d HTTP/1.1
Host: blzddist1-a.akamaihd.net

I think similiar options could be provided by matching dns requests that most
applications send out to get the ip shortly before the connection is made or by
grabbing the hosts from the certificate.

It might not be completely right at all times to get itt it would be more
helpful than the plain reverse lookup of the ip.

Manually resolving and editing the host is quite an effort on large  capture
files.


You are receiving this mail because:
  • You are watching all bug changes.