Ethereal-users: [Ethereal-users] Ethereal DNS Traffic Storm

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Wescott, David H" <david.h.wescott@xxxxxxxxx>
Date: Thu, 25 Mar 2004 17:00:25 -0800
Title: Ethereal DNS Traffic Storm

We are seeing occasional DNS traffic storms that have been isolated to Ethereal.  We have confirmed cases with versions 0.9.14 and 0.9.15, as well as with the current version of 0.10.2.  The impacted devices were running Windows operating systems, but we do not know if that is a criterion.  We did several searches of the Ethereal mailing lists, but could not find any current reference to this issue.

We have seen as high as 1,132 frames-per-second of DNS-related traffic from a single Ethereal client.  We were able to capture a sample trace of an Ethereal DNS traffic storm.  There were a total of 547,226 frames of DNS-related traffic in ~8 minutes (~36 Meg of network traffic).  In summary, the Ethereal client PC sent a total of 250,461 DNS connection attempts (TCP port 53) to 5 different DNS servers in ~8 minutes.  There were ~50K connection attempts per DNS server in the sample trace.  This traffic continued until the Ethereal application was aborted.  The client PC also went to 100% CPU while the DNS traffic storm was occurring.  The 3 valid DNS servers each answered as expected with a TCP SYN ACK.  The client then responded to these TCP SYN ACK frames with a TCP RST (Reset) aborting the connection attempt.

Is anyone aware of this issue?  Please advise if you can provide some insight or direction regarding correcting this issue.  We posted this yesterday to the developers list, but so far no one has responded.
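
The pattern described in the message above (a burst of TCP port 53 connection attempts from one client, each SYN ACK answered with a RST) can be flagged from packet summaries. The following is an added example, not part of the original post or of Ethereal; the record layout, addresses, window size and threshold are assumptions, and the sample packets are constructed.

```python
from collections import defaultdict

def find_dns_tcp_storms(packets, window_s=1.0, syn_threshold=100):
    """Flag clients whose TCP/53 SYN count in any window reaches syn_threshold.

    packets: iterable of (ts, src, sport, dst, dport, flags); flags is one of
    "S", "SA", "R", "A" (assumed summary format, e.g. exported from a capture).
    """
    syn_buckets = defaultdict(lambda: defaultdict(int))  # client -> window -> SYNs
    servers = defaultdict(set)                           # client -> servers tried
    aborted = defaultdict(int)                           # client -> SYN/SYN-ACK/RST count
    state = {}                                           # (client, cport, server) -> stage
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if dport == 53 and flags == "S":
            syn_buckets[src][int(ts // window_s)] += 1
            servers[src].add(dst)
            state[(src, sport, dst)] = "syn"
        elif sport == 53 and flags == "SA" and state.get((dst, dport, src)) == "syn":
            state[(dst, dport, src)] = "synack"
        elif dport == 53 and flags == "R" and state.pop((src, sport, dst), None) == "synack":
            aborted[src] += 1  # client reset a handshake the server had accepted
    report = {}
    for client, buckets in syn_buckets.items():
        peak = max(buckets.values())
        if peak >= syn_threshold:
            report[client] = {"syn_total": sum(buckets.values()),
                              "peak_syn_per_window": peak,
                              "servers": len(servers[client]),
                              "syn_synack_rst": aborted[client]}
    return report

def constructed_sample():
    """Constructed packets (not the trace from the post): one storming client, one normal."""
    dns = ["192.0.2.%d" % n for n in range(1, 6)]  # 5 servers, only the first 3 answer
    pkts = []
    for i in range(300):
        ts, srv, port = i / 300, dns[i % 5], 2000 + i
        pkts.append((ts, "198.51.100.5", port, srv, 53, "S"))
        if i % 5 < 3:
            pkts.append((ts + 0.0005, srv, 53, "198.51.100.5", port, "SA"))
            pkts.append((ts + 0.001, "198.51.100.5", port, srv, 53, "R"))
    pkts += [(5.0, "198.51.100.9", 3000, dns[0], 53, "S"),   # ordinary TCP DNS session
             (5.001, dns[0], 53, "198.51.100.9", 3000, "SA"),
             (5.002, "198.51.100.9", 3000, dns[0], 53, "A")]
    return pkts

if __name__ == "__main__":
    for client, stats in find_dns_tcp_storms(constructed_sample()).items():
        print(client, stats)
```

A high `syn_synack_rst` count relative to `syn_total` separates this behaviour from a client that is simply doing many legitimate TCP DNS transfers.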