Ethereal-users: Re: [Ethereal-users] Source/Destination Display (bug?)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 23 Oct 2000 22:58:03 -0700
On Mon, Oct 23, 2000 at 10:45:58PM -0700, Mike Kenning wrote:
> Nearly every time I use Ethereal it is not doing any IP address to DNS name
> resolution for Source and Destination addresses, even though I have the
> "Enable name resolution" option on (both for Capture and Display).
> Sometimes it will resolve an address or two by learning from a DNS response
> that goes past in the trace, but it never issues its own DNS queries.

I.e., you haven't seen DNS queries while watching the network to which
the machine running Ethereal is connected?  (If it displays IP addresses
rather than host names, that could either be due to Ethereal not trying
to translate the IP address to a host name or due to it trying to do so
but failing, either because there's no "in-addr.arpa" DNS entry for that
IP address, or because the DNS server didn't respond.)

Ethereal doesn't itself contain code to issue DNS queries; it calls the
routine "gethostbyaddr()" (which, on Windows, should be part of the
Winsock library, I suspect), which should issue those queries.

It should do that if the internal "Enable name resolution" flag is set;
if it's not even sending out DNS queries, perhaps that flag is getting
unset internally, somehow, even though you've requested it, or perhaps
there's something broken in the Winsock library.

> However, just a couple of times it actually has worked and resolves IP to
> DNS names by issuing its own DNS queries for each new IP address that
> appears in the trace.  I'm not sure what triggers it to start working, but
> one time it was after I ran the text-based version Tethereal first.  By the
> way, Tethereal 0.8.12 always seems to work for me by resolving IP to names
> via its own DNS queries.  I'm sure this is what Ethereal is supposed to be
> doing also, but it seems to be broken.

That suggests some weird problem with Winsock (or perhaps suggests that
somehow Ethereal is scribbling on Winsock's data).
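
The reverse lookup discussed in this message, as an added example (not code from Ethereal or from the original post): it builds the "in-addr.arpa" name for an IPv4 address, calls gethostbyaddr(), and uses h_errno to tell a missing entry from a server that gave no answer. It assumes POSIX sockets rather than Winsock; the names ptr_name, classify_herrno and reverse_lookup and the sample address 192.0.2.10 are made up for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: makes h_errno visible */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Build the name a reverse lookup queries: 192.0.2.10 -> 10.2.0.192.in-addr.arpa */
int ptr_name(const char *ip, char *out, size_t outlen)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return -1;       /* not an IPv4 literal */
    const unsigned char *b = (const unsigned char *)&a.s_addr; /* network byte order */
    int n = snprintf(out, outlen, "%d.%d.%d.%d.in-addr.arpa", b[3], b[2], b[1], b[0]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Map h_errno to the failure modes named in the message above. */
const char *classify_herrno(int err)
{
    switch (err) {
    case HOST_NOT_FOUND:
    case NO_DATA:     return "no in-addr.arpa entry for this address";
    case TRY_AGAIN:   return "no usable answer from the DNS server (temporary failure)";
    case NO_RECOVERY: return "resolver reported a non-recoverable error";
    default:          return "unknown resolver error";
    }
}

/* Returns 1 and the host name if resolved, 0 and the failure reason if not, -1 on bad input. */
int reverse_lookup(const char *ip, char *out, size_t outlen)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return -1;
    struct hostent *he = gethostbyaddr(&a, sizeof a, AF_INET);
    snprintf(out, outlen, "%s", he ? he->h_name : classify_herrno(h_errno));
    return he != NULL;
}

int main(int argc, char **argv)
{
    const char *ip = argc > 1 ? argv[1] : "192.0.2.10";   /* constructed sample address */
    char ptr[64], res[256];
    if (ptr_name(ip, ptr, sizeof ptr) != 0 || reverse_lookup(ip, res, sizeof res) < 0)
        return 2;
    printf("%s (%s): %s\n", ip, ptr, res);
    return 0;
}
```

Running it while capturing on the same interface shows whether a PTR query actually leaves the machine, which separates "never asked" from "asked and got nothing".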