Ethereal-dev: [Ethereal-dev] DNS requests being dissected as NetBIOS name lookups

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Fri, 10 Nov 2000 05:20:48 +1000

Hi,

I have just been informed of an interesting problem.

If a trace has a mixture of NetBIOS name lookups and DNS lookups, especially
from Win9X machines, the DNS lookup requests will be dissected as NetBIOS name
requests.

This is because Win9X is stupid enough to send the requests from port 137.

However, Ethereal gets the responses correct!

Since Win9X uses ports below 1024 for both the source and destination, this
seems like a problem. 

The problem seems to be caused because dissect_udp tries to find a
dissector based on the source port first, and then the destination port,
and NetBIOS name requests look like DNS requests, except the format of
names is slightly different.


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
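
The lookup order described in the message above, modelled in C as an added example (it is not part of the original message and not Ethereal's code). The port table, the function names and the sample packets are constructed for illustration, and the name-format check is a heuristic based on the 32-byte 'A'..'P' first-level encoding of NetBIOS names in RFC 1001/1002; a DNS label could in principle match the same pattern.

```c
#include <stdint.h>
#include <stdio.h>

enum proto { PROTO_NONE, PROTO_DNS, PROTO_NBNS };

/* Constructed samples: DNS query for www.example.com; NBNS query for "*". */
static const uint8_t SAMPLE_DNS[] = "\022\064\001\000\000\001\000\000\000\000\000\000"
    "\003www\007example\003com\000\000\001\000\001";
static const uint8_t SAMPLE_NBNS[] = "\022\065\001\020\000\001\000\000\000\000\000\000"
    "\040CK" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\000\000\040\000\001";

static enum proto port_lookup(uint16_t port) {
    return port == 53 ? PROTO_DNS : port == 137 ? PROTO_NBNS : PROTO_NONE;
}

/* Lookup order described in the message: source port first, then destination. */
enum proto pick_by_port(uint16_t sport, uint16_t dport) {
    enum proto p = port_lookup(sport);
    return p != PROTO_NONE ? p : port_lookup(dport);
}

/* NBNS question names start with one 32-byte label of 'A'..'P' characters.
 * msg points at the 12-byte header; the question name follows it. */
int looks_like_nbns_name(const uint8_t *msg, size_t len) {
    if (len < 12 + 1 + 32 || msg[12] != 32)
        return 0;
    for (size_t i = 0; i < 32; i++)
        if (msg[13 + i] < 'A' || msg[13 + i] > 'P')
            return 0;
    return 1;
}

/* Hypothetical check: if the name is not NBNS-format, use the other port. */
enum proto pick_with_name_check(uint16_t sport, uint16_t dport,
                                const uint8_t *msg, size_t len) {
    enum proto p = pick_by_port(sport, dport);
    if (p != PROTO_NBNS || looks_like_nbns_name(msg, len))
        return p;
    enum proto other = port_lookup(sport == 137 ? dport : sport);
    return other != PROTO_NONE ? other : p;
}

int main(void) {
    printf("DNS query 137->53: by port %d, name check %d\n", pick_by_port(137, 53),
           pick_with_name_check(137, 53, SAMPLE_DNS, sizeof SAMPLE_DNS - 1));
    printf("NBNS query 137->137: name check %d\n",
           pick_with_name_check(137, 137, SAMPLE_NBNS, sizeof SAMPLE_NBNS - 1));
    return 0;
}
```

With source-first lookup the request from port 137 to port 53 is picked as NBNS while the reply from port 53 to port 137 is picked as DNS, which matches the behaviour reported in the message.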