Ethereal-users: Re: [Ethereal-users] Problems with .10a

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 16 Dec 2003 14:12:35 -0800

On Dec 16, 2003, at 1:34 PM, Jason wrote:

> Turned off network name resolution.  Seems to be better.  Of course now
> it does not resolve the names which in turn, I can not see quickly where
> individuals are 'surfing'.  (Doing audits on networks.)  Is this a bug
> of some sort?

The problem is that

1) there's no upper bound, other than the name resolution client-side code, on the length of time it could take to do a name resolution, because it's often done over the network (DNS or, even worse, NetBIOS Name Service on Windows; the way NBNS works means that a name lookup that fails can take a *significantly* long time, as you do the lookup by sending a "who are you?" packet to the IP address you're trying to look up, but if they don't have NBNS code running - and non-Windows machines aren't likely to have it running - you get no reply back, other than perhaps an ICMP "port unreachable" error, but I don't know whether the NBNS client code on Windows sees that);

2) the standard API for doing name lookups is synchronous, meaning it blocks until the name is resolved;

3) that's done in the same thread of control that responds to user input;

so the UI can become unresponsive to user input for a significant period of time.

There are asynchronous name resolution APIs in Windows (WSAAsyncGetHostByName and WSAAsyncGetHostByAddr), but, as Ethereal on Windows doesn't use the native Windows toolkit, it might be difficult to use it (the async routines deliver a message to a window when the lookup completes).

There is, unfortunately, no standard UNIX API for asynchronous name resolution. (APIs like the Windows one wouldn't work very well, as they

1) assume you *have* a window, which isn't necessarily the case - even on Windows (on Windows, presumably windowless server applications use threads, and command-line applications just block until the name resolution succeeds or fails)

2) assume a particular window system with a particular style of input event delivery.)

There's the GNU ADNS API, which Ethereal can be built to use, although it doesn't support name resolution mechanisms other than DNS (host files, NIS, NBNS on Windows, etc.).

> And yes - I do mean Update list of packets in real time and also
> capturing to file.

What do you mean by "capturing to file"? I'm able to specify "Update list of packets in real time" and specify a file name in the "File:" text box in Ethereal captures.
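Added example, not part of the original message and not Ethereal's code: a sketch of the thread-based approach the reply mentions, where blocking address-to-name lookups run on worker threads and the display code gets the bare address back until a name arrives. The class name `AsyncReverseResolver`, its methods, and the `slow_fake_lookup` stand-in with its addresses and host name are all constructed for illustration.

```python
import queue
import socket
import threading
import time

class AsyncReverseResolver:
    """Run blocking address-to-name lookups on worker threads."""

    def __init__(self, lookup=None, workers=4):
        # Default is the standard synchronous API; callers may inject another.
        self._lookup = lookup or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._cache = {}        # ip -> name, or None if the lookup failed
        self._pending = set()   # lookups queued or in flight
        self._lock = threading.Lock()
        self._jobs = queue.Queue()
        for _ in range(workers):
            threading.Thread(target=self._worker, daemon=True).start()

    def _worker(self):
        while True:
            ip = self._jobs.get()
            try:
                name = self._lookup(ip)   # may block for a long time
            except OSError:               # socket.herror/gaierror subclass it
                name = None
            with self._lock:
                self._cache[ip] = name    # failures are cached, not retried
                self._pending.discard(ip)
            self._jobs.task_done()

    def display_name(self, ip):
        """Never blocks: cached name if known, otherwise the bare address."""
        with self._lock:
            if ip in self._cache:
                return self._cache[ip] or ip
            if ip not in self._pending:
                self._pending.add(ip)
                self._jobs.put(ip)
        return ip

    def wait(self):  # blocks until queued lookups finish; not for a UI thread
        self._jobs.join()

def slow_fake_lookup(ip):
    """Constructed stand-in for a slow DNS/NBNS lookup (no network needed)."""
    time.sleep(0.3)
    if ip == "192.0.2.10":
        return "host-a.example"
    raise socket.herror(1, "Unknown host")
```

A packet list built this way shows addresses first and picks up names on a later redraw, so a lookup that never gets a reply costs a worker thread's time rather than the user's.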