DNS Resolution

There are two ways to resolve a node's DNS in the Interactive Search feature. Understanding these methods provides valuable insights into the traffic data.

1. Hovering over a node

Hovering over a node should try to resolve the Node’s DNS.

2. Top Talkers list

Clicking the host name column in the Top Talkers list resolves the DNS.

The hostname will be initially truncated if greater than 25 characters. Truncated hostnames have ... at the end of the string. You can click the column again to expand the hostname.

 

Before
Resolving DNS by clicking
expanding truncated hostname

 

While a PCAP is being processed into a network, the node’s hostname is NOT resolved initially. The hostname field is the node’s IP, followed by “_hostname”.

When resolving the DNS of a node, if the API was unable to resolve the hostname, the hostname becomes IP followed by “_Uknown Host”.

10 and 11 are defaults. 12 wasn’t able to be resolved

If the hostname was able to be resolved, the hostname just becomes the hostname string.