> > (Oh, and, if you do this, make sure you'd run Ethereal with name
> > resolution turned off; I'm not sure which particular call the DNS or NIS
> > name-lookup code uses to read replies, but I'd rather not have to worry
> > about whether the "recvfrom()" is receiving a packet from the socket
> > it's using for snooping or from a socket it's using for making requests
> > over the network.)
>
> That's it! When I turn off name resolution, everything is fine.
DNS lookups often take a really long time to time out if the DNS server
isn't responding. When Ethereal is reading in a capture - or when it's
doing an "update the screen as packets come in" capture - it will, by
default, try to translate IP addresses to host names, which can cause it
to hang for a while until the OS's DNS resolver finally times out and
gives up.
That's probably what's happening.
> And I observed the following: When name resolution is turned on, every second
> call is a DNS, i.e., DNS, IP, ICMP, DNS, IP, ICMP, DNS... (maybe my
> stack is misconfigured, or their stack is misconfigured?) Disabling name
> resolution gives: DNS, IP, ICMP, IP, ICMP...
No, every second call is an attempt by Ethereal to look up the name it
saw in previous packets - i.e., if you turn name resolution on and do an
"update the screen as packets come in" capture, on most OSes some of the
traffic you see will be due to Ethereal itself (the packet-capture
mechanism in a few OSes may not be able to see packets that the machine
itself is transmitting, but Linux is probably not one of those OSes).