Just a word: This is unusual behaviour. Are your sure the sources you downloaded were
"intact" ? Did you check the keys and checksum as published on the website visually? While
you pull your hair out figuring this, ensure that the sources were not hacked or modified....
Rgrds
On 26. Mar 2004, at 19:25 Uhr, Wescott, David H wrote:
Clarified Post:
Just to clarify, this is not normal DNS traffic. Consider that the
rate is 1000+ frames per second, and that this traffic is going to all
configured DNS servers simultaneously. In addition, these are not the
expected DNS queries carried by UDP. These are TCP SYN frames to port
53. When the DNS server responds with a SYN ACK, the Ethereal client
aborts the connection with a TCP RESET. This traffic is continuous
until Ethereal is aborted, and no DNS information is gained, since all
these port 53 connection attempts are unsuccessful. In one case, an
impacted user left their machine running in this state for 3 hours and
this high rate of DNS traffic was constant for the entire time. We
have observed that this condition occurs during display and not
capture, and that it will push the client CPU to 100%. We believe
that this is some type of bug, and not normal DNS traffic. This
condition only occurs when Ethereal is used, and of course only if DNS
lookups are enabled. However, we would like to get this corrected, so
that DNS lookups can be used.