Ethereal-dev: Re: [Ethereal-dev] Ethereal 0.8.13 non-capture (win32) bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 30 Oct 2000 14:04:22 -0800 (PST)
> I use the Windows 32-bit version of Ethereal to decipher packets made by
> BlackIce Defender version 2.1cn. Ethereal has worked great through the last
> three or four revisions. But, after downloading the latest version 0.8.13
> non-capture (I use gtk-libs-20000805) I have found upon trying to open a
> packet it will try and dial the Intruder's IP address and if stopped, it will
> then try and dial the victim's IP address in the packet!

"Dial"?

Ethereal *will*, by default, try to look up, for many IP addresses in
packets, the host name corresponding to the IP address; this includes
the IP addresses in the IP headers of packets.

This means that it - or, rather, that the library routine it calls to do
that - may send out DNS request packets, and some of those packets may
go to a DNS server for the site where that IP address is located.

If by "dial" you mean "dial the telephone", sending packets to that site
(or any other site to which you'd connect via a dial-up network link)
could cause the machine on which Ethereal is running to attempt to
establish a network connection by dialing, for example, an ISP.

This is a feature, not a bug; a host name is often more meaningful than
an IP address, and captures where the packets are listed as coming from
or going to "www.yahoo.com" are often easier to read than captures where
the packets are listed as going to or coming from, say, 216.115.105.2.

If you don't want Ethereal to do those DNS lookups, you'd have to tell
it not to do so; the command-line "-n" flag, or the "Enable name
resolution" checkbox in the "Open Capture File" dialog box (make sure
that checkbox is *not* active), let you do that.

> I downloaded and installed Ethereal 0.8.13 non-capture, a second time with
> the same results. This has never happened with any previous versions of
> Ethereal.

There was a bug in previous versions of Ethereal that caused Ethereal on
Windows not to correctly set up the library routine it calls to look up
host names, causing that routine not to send out DNS requests, so name
resolution didn't work.

That bug was fixed in 0.8.13 (by one of the developers; there's no
member of the Ethereal team who is "the" Win32 developer, but Graham's
done a lot of the Win32-specific work), so that it now sets up that
library routine correctly, causing the routine to send out DNS requests,
just as it has always done on UNIX.

I.e., the behavior you were getting in earlier versions of Ethereal,
where it didn't do name lookups even if it wasn't told not to do so, was
due to a bug; that bug has been fixed, so Ethereal (and Tethereal) now
correctly do name lookups on Windows, so you'd have to tell it not to do
so.
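The following is an added illustration of the behaviour described above; it is not Ethereal's code and is not from the original message. It parses a small, constructed pcap file (two Ethernet/IPv4 frames built inline, with the page's own 216.115.105.2 as one endpoint), extracts the IP-header addresses exactly as a name-resolving analyzer would, and shows which reverse-DNS (PTR) query each address would trigger. The resolver is injectable: the default is socket.gethostbyaddr, the same class of library call the reply refers to, while the RecordingResolver used in the demo only records the in-addr.arpa names instead of touching the network. The `resolve` argument plays the role of the "-n" flag; the helper names and the sample frames are assumptions made for this example.

```python
import socket
import struct

# --- constructed sample capture (not a real capture) ---------------------

def _ipv4_frame(src, dst, payload=b"\x00" * 8):
    """Build an Ethernet II frame carrying a bare IPv4 header (checksum left 0;
    the parser below does not verify it) plus a dummy payload."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    eth_hdr = struct.pack("!6s6sH",
                          b"\x00\x11\x22\x33\x44\x55", b"\x00\x66\x77\x88\x99\xaa",
                          0x0800)
    return eth_hdr + ip_hdr + payload


def _pcap(frames):
    """Wrap frames in a little-endian libpcap file (magic 0xa1b2c3d4, DLT_EN10MB)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 972950000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = _pcap([_ipv4_frame("10.0.0.5", "216.115.105.2"),
                     _ipv4_frame("216.115.105.2", "10.0.0.5")])

# --- minimal pcap reader ---------------------------------------------------

def iter_ipv4_packets(pcap):
    """Yield (src, dst) dotted-quad pairs for every IPv4-over-Ethernet record."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != 1:
        raise ValueError("this example only handles DLT_EN10MB (Ethernet)")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34:                      # too short for Ethernet + IPv4 header
            continue
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype != 0x0800 or frame[14] >> 4 != 4:
            continue
        yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def ptr_query_name(ip):
    """The in-addr.arpa name a reverse lookup of `ip` asks for. The zone is
    delegated to whoever owns the address block, so its name servers see the query."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def describe_capture(pcap, resolve=False, resolver=None):
    """Return 'src -> dst' lines. resolve=False is the '-n' behaviour: addresses
    are printed as-is and no lookup happens. resolve=True hands every distinct
    address to `resolver` (default: socket.gethostbyaddr, which sends PTR queries)."""
    if resolver is None:
        resolver = socket.gethostbyaddr
    cache = {}

    def name_for(ip):
        if not resolve:
            return ip
        if ip not in cache:
            try:
                cache[ip] = resolver(ip)[0]
            except OSError:                      # herror/gaierror: keep the raw address
                cache[ip] = ip
        return cache[ip]

    return [f"{name_for(s)} -> {name_for(d)}" for s, d in iter_ipv4_packets(pcap)]


class RecordingResolver:
    """Stand-in for gethostbyaddr: records the PTR name a real lookup would
    send, then fails as an unresolvable address would (no network traffic)."""
    def __init__(self):
        self.queried = []

    def __call__(self, ip):
        self.queried.append(ptr_query_name(ip))
        raise socket.herror(1, "offline demo: not resolved")


if __name__ == "__main__":
    print("with -n:", describe_capture(SAMPLE_PCAP))
    rec = RecordingResolver()
    print("resolving:", describe_capture(SAMPLE_PCAP, resolve=True, resolver=rec))
    print("PTR queries that would leave the machine:", rec.queried)
```

Running it shows the point of the reply: merely opening the file with resolution enabled generates one PTR query per distinct address, including 2.105.115.216.in-addr.arpa for the remote host, and that query is sent whether or not a name comes back. On a dial-on-demand link the first of those queries is enough to bring the connection up; when reviewing captures of hostile traffic, open them with resolution off.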