Ethereal-users: Re: [Ethereal-users] Source/Destination Display?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "doug rickard" <rickard@xxxxxxxxxxxxx>
Date: Sat, 21 Oct 2000 09:05:09 +1000
Guy,

----- Original Message -----
From: Guy Harris <gharris@xxxxxxxxxxxx>
To: doug rickard <rickard@xxxxxxxxxxxxx>
Cc: <Gilbert_Ramirez@xxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, October 20, 2000 1:58 PM
Subject: Re: [Ethereal-users] Source/Destination Display?

> NetBIOS is a service that has been implemented atop many different
> protocols; there's NBF (NetBEUI Frame, or whatever it stands for) which
> runs atop raw Ethernet, and there's NBT (NetBIOS-over-TCP) which runs
> atop TCP and UDP.

Yes, understood. The NetBIOS is all running over NetBEUI. At no point do we
run NetBIOS over TCP/IP. There is only 3 machines on the network capable of
TCP/IP, so they do chatter between themselves from time to time. But there
is a much larger number of DOS only macjines doing automation and process
control which use NetBIOS over NetBEUI only and have NO TCP/IP on them at
all.

> In your original message, you said
>
>
> so clearly IP is involved in some of the traffic you're seeing (if it
> weren't, there wouldn't *be* any dotted-quad IP addresses).

See above.

> A DNS server might be used to translate the dotted-quad IP addresses to
> host names, so, whilst NBF doesn't use IP and thus wouldn't cause DNS to
> be used, DNS probably *is* involved in the problem, at least as you
> reported it in your original message.
>
> Ethernet addresses, however, are translated using a file; Ethereal
> checks a file named "/etc/ethers" (I don't know whether it'd try to open
> "c:\etc\ethers" or what on Windows) and an "ethers" file in the
> ".ethereal" subdirectory of your home directory (wherever your home
> directory might be on Windows 95).

We do from time to time have a Linux box on the network as well, but it does
not have DNS installed.

> As such, I'm surprised that Ethereal *EVER* translated Ethernnet
> addresses to host names, but, if it used to but doesn't do so any more,
> perhaps something happened to the files it used.

Yes, if only I knew what files. As I said, I was using this very same laptop
connected to one end of the LAN and it was giving a wonderful display with
all translated names. Then I just moved the same machine to the other end of
the network, and now it no longer translates the names. There was no other
configuration changes. In both cases Ethereal had been started from the
Windows Explorer window in the Ethereal directory, so there should not have
been a problem with home directories.

Frankly I'm stumped, but I will struggle on and see what I can find.

Thank you for your time,

Doug.