Ethereal-users: RE: [Ethereal-users] Ethereal DNS Traffic Storm

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David DuPre'" <dupre@xxxxxxxxxxxxxxx>
Date: Thu, 25 Mar 2004 23:27:02 -0800
Title: Ethereal DNS Traffic Storm

Yes.  If you have the Network name resolution enabled while you capture or while you open a file it will cause lots of DNS requests.

You can disable the network name resolution and avoid this problem.  See the attached JPG files for images of the two places you need to disable the DNS settings.  This is captured from the Windows XP 10.2 version of the product.

Hope that helps,

David

David DuPre'  - Executive PE Consultant
HyPerformix Inc.
Email: dupre@xxxxxxxxxxxxxxx
Website: www.hyperformix.com

Did you know?

The 2004 HyPerformix Performance Engineering conference is just around the corner.

Visit this link to learn more: http://www.hyperformix.com/Default.asp?Page=113

 

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Wescott, David H
Sent: Thursday, March 25, 2004 5:00 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Ethereal DNS Traffic Storm

We are seeing occasional DNS traffic storms that have been isolated to Ethereal.  We have confirmed cases with versions 0.9.14 and 0.9.15, as well as with the current version of 0.10.2.  The impacted devices were running Windows operating systems, but we do not know if that is a criterion.  We did several searches of the Ethereal mailing lists, but could not find any current reference to this issue.

We have seen as high as 1,132 frames-per-second of DNS related traffic from a single Ethereal client.  We were able to capture a sample trace of an Ethereal DNS traffic storm.  There were a total of 547,226 frames of DNS related traffic in ~8 minutes (~36 Meg of network traffic).  In summary, the Ethereal client PC sent a total of 250,461 DNS connection attempts (TCP port 53) to 5 different DNS servers in ~8 minutes.  There were ~50K connection attempts per DNS server in the sample trace.  This traffic continued until the Ethereal application was aborted.  The client PC also went to 100% CPU while the DNS traffic storm was occurring.  The 3 valid DNS servers each answered as expected with a TCP SYN ACK.  The client then responded to these TCP SYN ACK frames with a TCP RST (Reset) aborting the connection attempt.

Is anyone aware of this issue?  Please advise if you can provide some insight or direction regarding correcting this issue.  We posted this yesterday to the developers list, but so far no one has responded.

Attachment: Ethereal_Capture.jpg
Description: JPEG image

Attachment: Ethereal_Preferences.jpg
Description: JPEG image
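
The traffic pattern reported in this thread (a burst of TCP port 53 SYNs from one client to several DNS servers, each answered handshake then reset by the client) can be picked out of per-segment records with a short script. This is an added example, not part of the original messages or of Ethereal; the `Seg` record layout, the addresses, and the window and rate thresholds are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, namedtuple

# Constructed record format (an assumption): one row per TCP segment.
Seg = namedtuple("Seg", "ts src dst sport dport flags")

def find_dns_syn_storms(segments, window=1.0, min_rate=100):
    """Report clients sending >= min_rate TCP/53 SYNs within any `window` seconds."""
    state = {}                      # (client, client port, server) -> handshake state
    syn_times = defaultdict(list)   # client -> timestamps of SYNs to port 53
    for s in sorted(segments, key=lambda s: s.ts):
        if s.dport == 53 and s.flags == "S":
            state[(s.src, s.sport, s.dst)] = "syn"
            syn_times[s.src].append(s.ts)
        elif s.sport == 53 and s.flags == "SA" and state.get((s.dst, s.dport, s.src)) == "syn":
            state[(s.dst, s.dport, s.src)] = "synack"
        elif s.dport == 53 and "R" in s.flags and state.get((s.src, s.sport, s.dst)) == "synack":
            state[(s.src, s.sport, s.dst)] = "reset"   # client aborted an answered handshake
    report = {}
    for client, times in syn_times.items():
        peak, lo = 0, 0
        for hi, t in enumerate(times):          # sliding window over sorted SYN times
            while t - times[lo] >= window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_rate:
            mine = {k: v for k, v in state.items() if k[0] == client}
            report[client] = {
                "syns": len(times),
                "peak_per_window": peak,
                "servers": len({k[2] for k in mine}),
                "reset_after_synack": sum(v == "reset" for v in mine.values()),
                "unanswered": sum(v == "syn" for v in mine.values()),
            }
    return report

def constructed_sample():
    """Constructed traffic: one storming client, five servers (three answer), one quiet client."""
    servers = ["192.0.2.%d" % i for i in range(1, 6)]
    segs = []
    for n in range(300):
        t, srv, port = n * 0.002, servers[n % 5], 2000 + n
        segs.append(Seg(t, "10.0.0.5", srv, port, 53, "S"))
        if n % 5 < 3:   # only the first three servers answer, as in the report
            segs.append(Seg(t + 0.0005, srv, "10.0.0.5", 53, port, "SA"))
            segs.append(Seg(t + 0.001, "10.0.0.5", srv, port, 53, "R"))
    segs.append(Seg(0.1, "10.0.0.9", servers[0], 4000, 53, "S"))
    segs.append(Seg(0.1005, servers[0], "10.0.0.9", 53, 4000, "SA"))
    return segs
```

A host flagged this way with a high `reset_after_synack` count is worth checking for a capture tool running with network name resolution enabled, as the reply above describes.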