Ethereal-dev: Re: [Ethereal-dev] Name Resolution

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 27 Apr 2003 16:41:50 -0700

On Sun, Apr 27, 2003 at 11:06:19PM +0000, Mimic Fox wrote:
> I dumped the packets generated by Ethereal,
> and I confirmed Ethereal sent no netbios queries in fact.
> 
> If Ethereal uses gethostbyaddr() or getnameinfo() in Windows2000 or older,
> Ethereal would send netbios name service queries for addr-to-name 
> resolution.

It *does* use "gethostbyaddr()", so either

	1) Ethereal does send NetBIOS name service queries

or

	2) your assertion that "If Ethereal uses gethostbyaddr() or
	   getnameinfo() in Windows2000 or older, Ethereal would send
	   netbios name service queries for addr-to-name resolution" is
	   incorrect.

Therefore, either

	1) it's sending them, but you missed them (you are looking both
	   for packets sent to the WINS server *AND* NetBIOS Name
	   Service "NODE STATUS REQUEST" packets sent to the IP address
	   to be resolved, right?)

or

	2) your assertion is incorrect.

> I guess that Ethereal uses a special function, not a standard API,
> for addr-to-name resolution. Right?

Wrong.  Don't guess, read the source code - "epan/resolv.c", in
particular.  See "get_hostname()", which calls "host_name_lookup()",
which calls "gethostbyaddr()".
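
Added example, not part of the original message and not Ethereal's code: a small C classifier for UDP port 137 payloads that separates a NetBIOS Name Service NODE STATUS REQUEST from an ordinary name query, the two packet kinds the reply says to look for in the capture. The function names and the sample packet are constructed for this example; the layout and the question types (0x0020 NB, 0x0021 NBSTAT) are taken from RFC 1002.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum nbns_kind { NBNS_MALFORMED, NBNS_OTHER, NBNS_NAME_QUERY, NBNS_NODE_STATUS };

/* Classify a UDP port 137 payload using the RFC 1002 packet layout. */
enum nbns_kind nbns_classify(const uint8_t *p, size_t len) {
    if (len < 12) return NBNS_MALFORMED;              /* fixed header is 12 bytes */
    unsigned flags = (unsigned)p[2] << 8 | p[3];
    unsigned qdcount = (unsigned)p[4] << 8 | p[5];
    if (flags & 0x8000u) return NBNS_OTHER;           /* R bit set: a response */
    if ((flags >> 11) & 0xFu) return NBNS_OTHER;      /* only opcode 0 is a query */
    if (qdcount != 1) return NBNS_OTHER;
    size_t off = 12;                                  /* skip QUESTION_NAME labels */
    while (off < len && p[off] != 0) {
        if (p[off] & 0xC0) return NBNS_MALFORMED;     /* no pointers expected here */
        off += 1u + p[off];
    }
    if (off + 5 > len) return NBNS_MALFORMED;         /* terminator + type + class */
    off++;
    unsigned qtype = (unsigned)p[off] << 8 | p[off + 1];
    unsigned qclass = (unsigned)p[off + 2] << 8 | p[off + 3];
    if (qclass != 0x0001) return NBNS_OTHER;          /* class IN */
    if (qtype == 0x0021) return NBNS_NODE_STATUS;     /* NBSTAT: sent to the target IP */
    if (qtype == 0x0020) return NBNS_NAME_QUERY;      /* NB: WINS or broadcast lookup */
    return NBNS_OTHER;
}

/* Constructed sample: a query for the wildcard name "*" with the given type.
   buf must hold at least 50 bytes. */
size_t nbns_sample(uint8_t *buf, unsigned qtype) {
    static const uint8_t hdr[12] = {0x12, 0x34, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0};
    size_t n = sizeof hdr;
    memcpy(buf, hdr, n);
    buf[n++] = 32;                                    /* encoded name length */
    buf[n++] = 'C'; buf[n++] = 'K';                   /* '*' (0x2A) as two nibbles */
    memset(buf + n, 'A', 30); n += 30;                /* 15 NUL pad bytes */
    buf[n++] = 0;                                     /* end of name */
    buf[n++] = (uint8_t)(qtype >> 8); buf[n++] = (uint8_t)qtype;
    buf[n++] = 0; buf[n++] = 1;                       /* class IN */
    return n;
}

int main(void) {
    uint8_t buf[64];
    printf("kind=%d\n", nbns_classify(buf, nbns_sample(buf, 0x0021)));
    return 0;
}
```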