I'm not seeing DNS queries failing. It looks like Ethereal is not trying to
translate, it does not generate any DNS queries.
As an experiment, I just ran Ethereal and Tethereal simultaneously on the
same PC. Tethereal is issuing DNS queries and displaying the resolved names
in place of the IP addresses. Ethereal is still only displaying IP
addresses, no names.
I've tried every option/setting I could find including adding the "resolved
address" columns; and turning off name resolving and then using the
right-click menu option to resolve names. Nothing happens... no DNS
queries, no resolved names.
As I said, I'm not sure what makes Ethereal work properly every once in
awhile... I've tried to repeat the success I had once before when running
Tethereal first before Ethereal - but no luck, Ethereal refused to resolve
the next time I tried it.
Mike K
----- Original Message -----
From: "Guy Harris" <gharris@xxxxxxxxxxxx>
To: "Mike Kenning" <mkenning@xxxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>; <rickard@xxxxxxxxxxxxx>;
<gharris@xxxxxxxxxxxx>
Sent: October 23, 2000 10:58 PM
Subject: Re: [Ethereal-users] Source/Destination Display (bug?)
> On Mon, Oct 23, 2000 at 10:45:58PM -0700, Mike Kenning wrote:
> > Nearly every time I use Ethereal it is not doing any IP address to DNS
name
> > resolution for Source and Destination addresses, even though I have the
> > "Enable name resolution" option on (both for Capture and Display).
> > Sometimes it will resolve an address or two by learning from a DNS
response
> > that goes past in the trace, but it never issues its own DNS queries.
>
> I.e., you haven't seen DNS queries while watching the network to which
> the machine running Ethereal is connected? (If it displays IP addresses
> rather than host names, that could either be due to Ethereal not trying
> to translate the IP address to a host name or due to it trying to do so
> but failing, either because there's no "in-addr.arpa" DNS entry for that
> IP address, or because the DNS server didn't respond.)
>
> Ethereal doesn't itself contain code to issue DNS queries; it calls the
> routine "gethostbyaddr()" (which, on Windows, should be part of the
> Winsock library, I suspect), which should issue those queries.
>
> It should do that if the internal "Enable name resolution" flag is set;
> if it's not even sending out DNS queries, perhaps that flag getting
> unset internally, somehow, even though you've requested it, or perhaps
> there's something broken in the Winsock library.
>
> > However, just a couple of times it actually has worked and resolves IP
to
> > DNS names by issuing it's own DNS queries for each new IP address that
> > appears in the trace. I'm not sure what triggers it to start working,
but
> > one time it was after I ran the text-based version Tethereal first. By
the
> > way, Tethereal 0.8.12 always seems to work for me by resolving IP to
names
> > via it's own DNS queries. I'm sure this is what Ethereal is supposed to
be
> > doing also, but it seems to be broken.
>
> That suggests some weird problem with Winsock (or perhaps suggests that
> somehow Ethereal is scribbling on Winsock's data).
>