Using Wireshark to track HOSTS file hits


#1

Is it possible to use Wireshark to track, log, or gather statistics for hosts in my hosts file that are found during a session of web browsing? I expect I would need some sort of filter for Wireshark, and then maybe a logfile analyzer for the log.

The reason I want to do this: I have a fairly complete ad-blocking hosts file from mvps.org/winhelp2002/hosts.htm and it works fine, but it must be installed on each computer on our network.

I noticed, when I stuck the keyword “doubleclick” into my router’s URL filter, a significant number of ads on various web pages were replaced by a “Blocked by Netgear” banner on a computer without a hosts file. This one little keyword has turned out to be useful to visitors who come over and use their own laptop to browse the web from my network.

So I’d like to analyze the hits on the hosts file during a typical week of browsing, and see if there are some keywords that will block the majority of the advertisements from my router. I suspect that the majority of ads are generated by just a handful of domains.

Anyone know how to do this?

-A


#2

I’m not sure what you want to do.
Retrieve IP addresses?

Try Statistics / IP addresses …

CACE Pilot (not freeware) is also able to do statistics.

Olivier


#3

[quote=“wsgd”]I’m not sure what you want to do.
Retrieve IP addresses?[/quote]

No, I don’t want to retrieve IP addresses. I want a log of all domains blocked in my hosts file that my browser attempted to access during a browsing session. From this log, I would determine a short list of keywords that I can put in a URL filter in my router.

I thought Wireshark might be able to do this. I presume it would monitor any DNS queries, and log results that return 127.0.0.1.

There’s a log file at comfsm.fm/computing/stats/09Aug09.html that gives me a rough idea of the proportion of sites visited by a population of browsers. Several servers on that list are ad servers, with fimserve, doubleclick, and yieldmanager seeming to serve the lion’s share of ads. But that’s for the College of Micronesia. I’d like to see something similar for my home network. Because ALL the servers listed in my hosts file are ad or spyware servers, being able to log the hits on my hosts file would help me determine which ad servers have the most market penetration and serve the most ads.

-A
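
An added example, not part of the original thread: one way to do the tally described in post #3, counting lookups for names listed in a hosts file, ranking the labels of those names as candidate router keywords, and measuring what share of the hits a keyword list would catch. It assumes the queried names were exported one per line from a capture taken on a machine without the hosts file installed, since a name answered from the hosts file never produces a DNS query on the wire; the function names and all sample data are constructed for illustration.

```python
from collections import Counter

# Constructed sample in hosts-file format (not the real MVPS list).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  ad.doubleclick.net
127.0.0.1  pubads.g.doubleclick.net  # trailing comment
0.0.0.0    ad.yieldmanager.com
127.0.0.1  ads.fimserve.com
"""

# Constructed DNS query names, one per line, as exported from a capture.
SAMPLE_QUERIES = """\
www.example.org
ad.doubleclick.net
AD.DoubleClick.net.
pubads.g.doubleclick.net
ad.yieldmanager.com
ads.fimserve.com
ad.doubleclick.net
"""

def parse_hosts(text):
    """Return the set of names mapped to a loopback or null address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            blocked.update(n.lower().rstrip(".") for n in fields[1:])
    blocked.discard("localhost")
    return blocked

def count_hits(query_text, blocked):
    """Count queries whose name appears in the hosts file."""
    names = (q.strip().lower().rstrip(".") for q in query_text.splitlines())
    return Counter(n for n in names if n in blocked)

def rank_keywords(hits, min_len=4):
    """Rank DNS labels by blocked queries containing them (TLD skipped)."""
    score = Counter()
    for name, n in hits.items():
        for label in {l for l in name.split(".")[:-1] if len(l) >= min_len}:
            score[label] += n
    return score.most_common()

def coverage(hits, keywords):
    """Fraction of blocked-name queries a substring keyword list would catch."""
    total = sum(hits.values())
    matched = sum(n for name, n in hits.items() if any(k in name for k in keywords))
    return matched / total if total else 0.0
```

The `min_len` cutoff drops short labels such as "ad" or "ads", which would also match unrelated URLs when used as substring keywords in a router filter.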