Title: Ethereal DNS Traffic Storm
We are seeing occasional DNS traffic storms that have been isolated to Ethereal. We have confirmed cases with versions 0.9.14 and 0.9.15. Unfortunately, we were also able to reproduce this issue with the current version of 0.10.2. The impacted devices were running Windows operating systems, but we do not know if that is a criteria. We did several searches of the Ethereal mailing lists, but could not find any current reference to this issue. We did find some hits talking about a DNS loop, but it seemed to be referring to DNS packet decodes not DNS name resolution of devices in the trace. In addition, it appeared to have already been corrected.
We have seen as high as 1,132 frames-per-second of DNS related traffic from a single Ethereal client. We were able to capture a sample trace of an Ethereal DNS traffic storm. There were a total of 547,226 frames of DNS related traffic in ~8 minutes. This was ~36 Meg of network traffic, with an overall average rate of 1,132 packets-per-second. In summary, the Ethereal client PC sent a total of 250,461 DNS connection attempts (TCP port 53) to 5 different DNS servers in ~8 minutes. There were ~50K connection attempts per DNS server in this sample trace. This traffic continued until the Ethereal application was aborted. The 3 valid DNS servers each answered as expected with a TCP SYN ACK. The client then responded to these TCP SYN ACK frames with a TCP RST (Reset) aborting the connection attempt.
Is anyone aware of this issue? Please advise so that we can get this problem corrected.
