Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] cache DNS lookups

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 29 Mar 2005 11:30:08 -0800
Florin Andrei wrote:

When opening a big tcpdump file, if i tell Ethereal to resolve IP
addresses to host names, sometimes it takes a very long time. It looks
like Ethereal performs repeated DNS lookups on the same address.


Have you seen network traffic showing it doing so?


Is there a way to cache the results internally, so that a lookup is not
repeated over and over?
Yes, and there's code in Ethereal to do so, so it *shouldn't* be doing repeated lookups when reading a capture file. If it's doing so, that's a bug - is it doing so, or is it just taking a long time to attempt to resolve a given IP address, either because it's doing a DNS lookup and the DNS server isn't responding, or because this is on Windows, it's doing a NetBIOS-over-TCP lookup, and the remote machine isn't responding (either because it's down or because it's not running any software that responds to NBNS packets).
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube