Ethereal-users: Re: [Ethereal-users] win32 version

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 3 Dec 2001 14:25:52 -0800 (PST)
> yep, it's name rez.  comes up immediately without.  ok, now i ask a diplomatic
> question.
> 
> since you're a netapp guy - i converted the trace with capconv

...which probably isn't as capable as Ethereal's own editcap (which
comes as part of Ethereal, runs on UNIX and Windows, reads all capture
file formats Ethereal reads, and writes all capture file formats
Ethereal writes).

> and then opened
> it with netmon and it came up immediately with names resolved.
> 
> why is ethereal having a huge problem and netmon not?

I don't know.  I tried running Ethereal and Netmon at the same time, but
Ethereal didn't see any obvious name resolution traffic being sent out
by Netmon - and the capture didn't contain any name resolution traffic,
so Netmon didn't passively pick up information from the capture.

It might be doing asynchronous resolution, using the Winsock calls to do
that; Ethereal just uses the portable "gethostbyaddr()" call.