diff --git a/.gitbook/assets/image (406).png b/.gitbook/assets/image (406).png index f5ec748fb..274df2375 100644 Binary files a/.gitbook/assets/image (406).png and b/.gitbook/assets/image (406).png differ diff --git a/.gitbook/assets/image (408).png b/.gitbook/assets/image (408).png new file mode 100644 index 000000000..f5ec748fb Binary files /dev/null and b/.gitbook/assets/image (408).png differ diff --git a/.gitbook/assets/image (409).png b/.gitbook/assets/image (409).png new file mode 100644 index 000000000..c51466202 Binary files /dev/null and b/.gitbook/assets/image (409).png differ diff --git a/forensics/pcaps-analysis/wireshark-tricks.md b/forensics/pcaps-analysis/wireshark-tricks.md index 87a8e7c03..a41eb02df 100644 --- a/forensics/pcaps-analysis/wireshark-tricks.md +++ b/forensics/pcaps-analysis/wireshark-tricks.md @@ -38,8 +38,24 @@ You can add a column that show the Host HTTP header: And a column that add the Server name from an initiating HTTPS connection \(**ssl.handshake.type == 1**\): +![](../../.gitbook/assets/image%20%28407%29.png) + +## Identifying local hostnames + +### From DHCP + +In current Wireshark instead of `bootp` you need to search for `DHCP` + +![](../../.gitbook/assets/image%20%28409%29.png) + +### From NBNS + ![](../../.gitbook/assets/image%20%28406%29.png) + + + + ## Decrypting TLS ### Decrypting https traffic with server private key
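Review bot: in the added "From DHCP" section of forensics/pcaps-analysis/wireshark-tricks.md, the filter is written as `DHCP`, but Wireshark display filter names are lowercase and case-sensitive, so the sentence should tell readers to use `dhcp` in place of `bootp`. The section also relies entirely on the screenshot; naming the field that carries the hostname (for example `dhcp.option.hostname`) would let readers reproduce the step without the image. The "From NBNS" heading has only an image under it and no filter or explanation, so add a sentence naming the `nbns` filter and what to read in the results. The two added image links have empty alt text, and the four blank lines added before "## Decrypting TLS" can be dropped.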
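Review bot: the image references in the wireshark-tricks.md hunk do not line up with the binary asset changes at the top of this patch. The previous `image (406).png` blob (f5ec748fb) is re-added as `image (408).png`, yet the server-name column paragraph now points at `image%20%28407%29.png`, which this patch neither adds nor modifies, and nothing in the hunk references 408. Please confirm that 407 already exists in `.gitbook/assets` and shows the Server Name column, then either reference 408 or remove it. The replaced 406 (274df2375) should also be checked to be the NBNS screenshot, since the unchanged `image%20%28406%29.png` link now sits under "From NBNS".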