https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356
--- Comment #9 from Bill Meier <wmeier@xxxxxxxxxxx> 2011-06-14 17:27:38 EDT ---
A few comments:
1. The delays are undoubtedly being caused by DNS lookup timeouts happening as
the syntax of the capture filter being entered is verified (using
libpcap/WinPcap's pcap_compile).
(The 'real-time' capture filter syntax checking was added in Wireshark 1.5)
As indicated by Guy above in comment #4 above, the DNS lookups are being done
synchonously so if there's no reply to a lookup, processing will continue only
after a timeout.
2. Some workarounds to not check the syntax while the Capture Filter is
being entered:
a. Enter the capture filter by clicking the capture Filter button in the
capture Options window; (Enter the filter string in the "Filter String"
field and press OK.
b. In the Capture Options window, first enter the address (1.2.3.4),
then move the cursor to the left edge ("home") and enter
"host ". (Ugly but it seems to work).
3. Another possibility: identify the reason for the DNS timeout on your system
and correct it if possible.
E.G., Is an IPv6 (AAA) DNS lookup being done which times out ?
(Run a wireshark capture while using another copy of Wireshark to enter a
capture filter to see what's happening).
4. The above being said, my personal feeling is that this issue needs
to be handled somehow:
? Add a Wireshark preference to not do 'real-time' capture filter
syntax checking ?
? Provide a way to disable DNS lookups in libpcap/winpcap (enabled by
a preference) ?
? ???
My inclination is to provide a preference to disable 'real-time'
capture filter syntax checking.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
