Wireshark-bugs: [Wireshark-bugs] [Bug 12412] Network-Layer Name Resolution uses first 32-bits of
Date: Mon, 09 May 2016 17:41:13 +0000

Comment # 13 on bug 12412 from
(In reply to Pascal Quantin from comment #11)
> OK so if I summarize:
> - you have a third party software that added an IPv6 DNS to your system

possibly, not certain.

The "Bonjour" mdnsNSP.dll loaded is probably part of iTunes, which is installed
on the system.  Seems some sort of glitch/bug/flaw that Wireshark is loading it
either directly or indirectly.

> - you configure Wireshark to do reverse DNS resolution using the system
> configuration

yes -- works fine once it skips to the second resolver entry

> - you have a security SW (am I right?) that identifies a connection attempt
> to 32.1.4.112

Just a Cisco ASA that blocks all outbound connections from the system and logs
the attempts.

> Did you do a capture to confirm that this is really what Wireshark is doing,
> and not the security software wrongly interpreting an IPv6 DNS query that it
> interprets as IPv4?

I watch the DNS queries in another Wireshark instance.  100% sure it's
Wireshark resolving IPs from a capture.  I start it with resolving disabled and
when I enable it a blast of rDNS queries are made, first to the bogus address
and then to the valid IPv4 secondary.
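
An added example, not part of the original message or of Wireshark's code: a triage helper that assumes a blocked destination such as 32.1.4.112 is the first 32 bits of an IPv6 resolver address read as IPv4, and checks firewall-logged destinations against the system resolver list on that basis. The resolver addresses, log entries and function names are constructed for illustration.

```python
import ipaddress

def truncated_ipv4(addr6):
    """IPv4 address made from the first 32 bits of an IPv6 address."""
    return ipaddress.IPv4Address(ipaddress.IPv6Address(addr6).packed[:4])

def candidate_prefix(addr4):
    """IPv6 /32 whose leading 32 bits equal the given IPv4 address."""
    raw = ipaddress.IPv4Address(addr4).packed + bytes(12)
    return ipaddress.IPv6Network((raw, 32))

def triage(blocked_dsts, resolvers):
    """Classify firewall-logged IPv4 DNS destinations against the resolver list."""
    parsed = [ipaddress.ip_address(r) for r in resolvers]
    v4 = {r for r in parsed if r.version == 4}
    # Index each IPv6 resolver by the IPv4 address its first 4 bytes spell out.
    v6 = {truncated_ipv4(r): r for r in parsed if r.version == 6}
    report = {}
    for dst in blocked_dsts:
        ip = ipaddress.IPv4Address(dst)
        if ip in v4:
            report[dst] = ("configured-ipv4", str(ip))
        elif ip in v6:
            # Destination is explained by truncating a configured IPv6 resolver.
            report[dst] = ("truncated-ipv6", str(v6[ip]))
        else:
            # No match: report the IPv6 /32 to look for in adapter or NSP settings.
            report[dst] = ("unexplained", str(candidate_prefix(ip)))
    return report

# Constructed sample data (assumptions, not values from the bug report,
# except 32.1.4.112 which is the destination quoted in the thread).
RESOLVERS = ["2001:470:0:1::53", "192.0.2.53"]
BLOCKED = ["32.1.4.112", "192.0.2.53", "198.51.100.7"]

if __name__ == "__main__":
    for dst, (kind, detail) in triage(BLOCKED, RESOLVERS).items():
        print(f"{dst:15} {kind:16} {detail}")
```

When the IPv6 resolver is not known, as in this report, `candidate_prefix("32.1.4.112")` gives the /32 to search for in the adapter and name-service-provider configuration.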

