On Wednesday, July 30, 2003, at 2:11 AM, Geoff Kingsmill wrote:
I have a problem where Ethereal collects packets fine but then hangs
whilst decoding packets. Whilst Ethereal is hung from a user
perspective, it is actually consuming 100% cpu time and continually
doing DOMAIN NAME lookups (and flooding our WAN link). This problem
happens when "Enable MAC name resolution" and "Enable network name
resolution" are both turned on. Everything works fine if I turn either
one of these off. The problem only occurs when both are turned on.
This is running on Windows XP Professional with SP1 and WinPcap V3.0 or
V2.3. I cannot reproduce this problem with Ethereal v0.9.12. This
problem first started in V0.9.13 and still exists in V0.9.14.
The use of GNU ADNS for name lookups also first started in 0.9.13, and
still exists in 0.9.14; however, in 0.9.14, there are now preferences
to control GNU ADNS - "Enable concurrent DNS name resolution" (which,
if not enabled, means GNU ADNS isn't used) and "Maximum concurrent
requests" (which control how many ADNS requests can be in flight, I
assume).
Try turning "Enable concurrent DNS name resolution" off, and see if
that fixes the problem. If so, there's probably something broken in
the GNU ADNS distributed with the Windows version of Ethereal, or with
the way we're using GNU ADNS.
I'm not sure why turning MAC name resolution off makes the problem go
away - I'd expect it to make no difference, as GNU ADNS isn't used for
MAC name resolution. (Perhaps that's caused by the ARP dissector using
ARP replies to use host names for IP addresses as host names for MAC
addresses as well.)
(I am not an expert on GNU ADNS or Ethereal's use of it, so I've
probably supplied most, if not all, of the help that I can, so I set
the Reply-to header to the list, so that replies don't go only to me.)