Ethereal-users: Re: [Ethereal-users] Source/Destination Display?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 19 Oct 2000 20:58:07 -0700

On Fri, Oct 20, 2000 at 10:35:03AM +1000, doug rickard wrote:
> I'm only tracking NetBIOS packets, and NetBIOS does not use a DNS. 

NetBIOS is a service that has been implemented atop many different
protocols; there's NBF (NetBEUI Frame, or whatever it stands for) which
runs atop raw Ethernet, and there's NBT (NetBIOS-over-TCP) which runs
atop TCP and UDP.

In your original message, you said

>   Now I am still using the very same settings, but now the Source and
>   Destination addresses are being displayed as the actual Ethernet addresses,
>   or the dotted quad IP addresses. This makes interpreting the display very
>   difficult.

so clearly IP is involved in some of the traffic you're seeing (if it
weren't, there wouldn't *be* any dotted-quad IP addresses).

A DNS server might be used to translate the dotted-quad IP addresses to
host names, so, whilst NBF doesn't use IP and thus wouldn't cause DNS to
be used, DNS probably *is* involved in the problem, at least as you
reported it in your original message.

Ethernet addresses, however, are translated using a file; Ethereal
checks a file named "/etc/ethers" (I don't know whether it'd try to open
"c:\etc\ethers" or what on Windows) and an "ethers" file in the
".ethereal" subdirectory of your home directory (wherever your home
directory might be on Windows 95).

As such, I'm surprised that Ethereal *EVER* translated Ethernet
addresses to host names, but, if it used to but doesn't do so any more,
perhaps something happened to the files it used.
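
The following is an added example, not part of the original message and not Ethereal's own code: a small checker for the two "ethers" files mentioned above, which parses ethers(5)-style text, flags lines that would not resolve, and reports which file supplied a name. The sample file contents are constructed, and the lookup order (personal file before "/etc/ethers") is an assumption, as is the set of accepted separators.

```python
import re

# Six hex octets separated by ':', '-' or '.' (accepted separators are an assumption).
_MAC_RE = re.compile(r"^[0-9a-f]{1,2}([:\-.][0-9a-f]{1,2}){5}$", re.I)

def normalize_mac(text):
    """Return the address as aa:bb:cc:dd:ee:ff, or None if it is not a MAC."""
    if not _MAC_RE.match(text):
        return None
    return ":".join(f"{int(p, 16):02x}" for p in re.split(r"[:\-.]", text))

def parse_ethers(text):
    """Parse ethers(5)-style text; return ({mac: hostname}, [bad line numbers])."""
    table, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        mac = normalize_mac(fields[0]) if len(fields) >= 2 else None
        if mac is None:
            bad.append(lineno)                # malformed entry: would never resolve
            continue
        table.setdefault(mac, fields[1])      # first entry for an address wins
    return table, bad

def resolve(mac, sources):
    """sources: ordered (label, text) pairs. Return (hostname, label) or (None, None)."""
    key = normalize_mac(mac)
    for label, text in sources:
        table, _ = parse_ethers(text)
        if key in table:
            return table[key], label
    return None, None

# Constructed sample contents standing in for the two files named in the message.
PERSONAL = "00-A0-C9-12-34-56 my-fileserver\n"
GLOBAL = ("# constructed sample\n"
          "00:a0:c9:12:34:56 fileserver\n"
          "0:10:5a:ab:cd:ef   printer1  # single-digit octet\n"
          "00:a0:c9:zz:34:56 broken\n")
# Assumed order: personal file first, then the system-wide one.
SOURCES = [("~/.ethereal/ethers", PERSONAL), ("/etc/ethers", GLOBAL)]

if __name__ == "__main__":
    print(parse_ethers(GLOBAL))
    print(resolve("00:10:5A:AB:CD:EF", SOURCES))
```

To check a real system, read the text of each file that exists and pass it in place of the constructed strings; an empty table or a non-empty list of bad lines points at the file that changed.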