Ethereal-users: [Ethereal-users] Slow (inefficient?) name resolution after stopping capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Matthew and Molly Kidd <mkidd@xxxxxxxxx>
Date: Thu, 22 Nov 2001 04:11:59 -0800
I'm running ethereal 0.8.20 under NT 4 SVP 6. I have no problem capturing 
packets. If I don't select "Enable network name resoluton" under Capture 
Preferences before beginning a capture, ethereal displays the results very 
quickly after the capture is stopped. However, if I do select name 
resolution, it takes a long time, often a minute or so, to display the 
result.

Granted name resolution takes some time. But the sort of thing I'm looking 
at is a simple 500 packet HTTP session that involves no more than say 10 
distinct IP addresses. I would expect that all 10 IP addresses could be 
resolved in a couple of seconds at most based on how quickly nslookup 
returns an answer from the LameDOS command line (well under a second).

My speculation is that ethereal is doing a separate name resolution for 
each address in each packet instead of first determining the distinct set 
of IP addresses and just doing name resolution for those. But I haven't 
looked through the source code, so this is pure speculation. Can anyone 
shed some light on this matter?

  - Matthew Kidd