Hannes R. Boehm wrote:
>
> On Sun, Sep 06, 1998 at 06:52:45PM +0200, Laurent Deniel wrote:
> > Hannes R. Boehm wrote:
> > >
> > > On Sun, Sep 06, 1998 at 02:46:37PM +0200, Laurent Deniel wrote:
> > > > Hi,
> > > >
> > > > I have implemented network object name resolving. The current
> > > > implemented objects are : IP addresses, UDP and TCP ports.
> > > >
> > > > All name resolutions use a hash table to optimize lookup time
> > > > and a mechanism is implemented to avoid long DNS timeout for
> > > > hostname lookups.
> > >
> > > Do you know the NAI Sniffer ?
> > >
> > > It takes the RRs from DNS packets it has already analyzed instead of
> > > making a lookup itself. This way there is no traffic generated by the sniffer.
> > > (even if not all IPs show up in the DNS packets it is quite useful)
> > >
> >
> > Yes but as ethereal analyses dump files, the generated traffic is not
> > important (there is no lookup during the capture phase). And I prefer
> > to make real lookup since the captured packets may have been filtered
> > (i.e. no DNS packets in the file).
>
> That's right, but:
>
> when you capture in a private LAN, and send the capture file to a friend
> (for analysis with ethereal) -> he will not be able to do any lookups.
> (or he will get other names, since his machine may be located in a
> private Internet too.)
Yes, this is why, like tcpdump, there is a -n option ;-)
And adding hostnames in the hash table from DNS packets is already in my
"To do" list (will be made after the eth resolution).
>
> anyway: I like your resolving code (especially that you use hash tables).
Thanks.
>
> wkr
> Hannes
>
I've planned to implement the ether/manuf resolution. Expect a patch soon.
As stated in a previous post, I will use /etc/ethers and /etc/manuf.
The first file will be checked when an entry is not found in the hash
table (like UDP/TCP port) while the second file (manuf) will be put
completely in the hash table at initialization phase (my list of common
vendors has ~ 100 entries, a complete list may have 800 entries which
represent less than 20Kbytes).
Laurent.
--
Laurent DENIEL | E-mail: deniel@xxxxxxxxxxx
Paris, FRANCE | deniel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
| WWW : http://www.worldnet.fr/~deniel
All above opinions are personal, unless stated otherwise.
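
An added example, not part of the original post and not Ethereal's code: a C illustration of the scheme described in the message above, with the vendor list loaded completely into the hash table at initialization and the ethers data scanned only when an address misses the table. All function names, the inline strings standing in for /etc/manuf and /etc/ethers, and the two-column manuf layout are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NBUCKETS 256
#define NAMELEN  32
/* Chained entry; key is a 3-byte vendor prefix (manuf) or a 6-byte address (ethers). */
struct entry { unsigned char key[6]; int klen; char name[NAMELEN]; struct entry *next; };
static struct entry *table[NBUCKETS];
static int ethers_scans;            /* how many times the ethers data was scanned */
/* Constructed sample data standing in for the two files; the manuf layout is assumed. */
static const char *MANUF  = "# vendor prefixes\n00:00:0c Cisco\n\n08:00:20 Sun\n";
static const char *ETHERS = "08:00:20:01:02:03 fileserver\nzz:00:00:00:00:01 bogus\n";
static unsigned hash(const unsigned char *k, int n) {
    unsigned h = 5381;
    while (n--) h = h * 33 + *k++;
    return h % NBUCKETS;
}
static const char *find(const unsigned char *k, int n) {
    for (struct entry *e = table[hash(k, n)]; e; e = e->next)
        if (e->klen == n && memcmp(e->key, k, n) == 0) return e->name;
    return NULL;
}
/* Parse "xx:xx:xx[:xx:xx:xx] name" lines of n octets; cache all keys, or only `only`. */
static void load(const char *text, int n, const unsigned char *only) {
    for (const char *p = text; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        unsigned o[6] = {0}; unsigned char k[6]; char name[NAMELEN]; struct entry *e;
        int got = n == 3
            ? sscanf(p, "%2x:%2x:%2x%*[ \t]%31[^ \t\n]", o, o+1, o+2, name)
            : sscanf(p, "%2x:%2x:%2x:%2x:%2x:%2x%*[ \t]%31[^ \t\n]", o, o+1, o+2, o+3, o+4, o+5, name);
        if (got != n + 1) continue;          /* comment or malformed line */
        for (int i = 0; i < n; i++) k[i] = (unsigned char)o[i];
        if ((only && memcmp(k, only, n) != 0) || find(k, n)) continue;  /* skip others and duplicates */
        if (!(e = calloc(1, sizeof *e))) return;
        memcpy(e->key, k, n); e->klen = n; strcpy(e->name, name);  /* name <= 31 chars */
        e->next = table[hash(k, n)]; table[hash(k, n)] = e;
    }
}
static void init_names(void) { load(MANUF, 3, NULL); }  /* manuf: loaded whole, once */
static const char *manuf_name(const unsigned char *mac) { return find(mac, 3); }
/* ethers: scanned only on a hash miss; a hit is cached, a miss is rescanned next time. */
static const char *ether_name(const unsigned char *mac) {
    const char *name = find(mac, 6);
    if (!name) { ethers_scans++; load(ETHERS, 6, mac); name = find(mac, 6); }
    return name;
}
int main(void) {
    unsigned char mac[6] = {0x08, 0x00, 0x20, 0x01, 0x02, 0x03};
    init_names();
    return printf("%s / %s\n", manuf_name(mac), ether_name(mac)) < 0;
}
```

The bounded `%31[...]` conversion keeps an over-long name in either file from overrunning the 32-byte buffer, which matters when the files travel with a capture from another site.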