Ethereal-dev: [Ethereal-dev] arp dissector and DNS queries in real-time captures...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Peter J. Dohm" <dohmp@xxxxxxxxx>
Date: Wed, 7 Sep 2005 06:33:14 -0700 (PDT)

hi all.

i've noticed an interesting behavior that i've not yet
dug into the code to explain away entirely, but what
i'm noticing is the following:

when doing a capture with "update list of packets in
real time" turned on, but all the name resolution
selection boxes unchecked (therefore no name
resolution should occur), the arp dissector (i've
proven it's only that one dissector) still insists
upon doing DNS lookups for all arped addresses,
polluting the capture with them... :)

has anyone else noticed this behavior?

i'd probably prefer the dissectors to honor the user's
wishes of deferring resolution until a later point in
time no matter what, but i think i can reason through
why this choice was made.  it might be wise for us to
document this behavior on the wiki, etc...  i'm just
not sure if there is an over-arching strategy (beyond
just DNS requests) for how to deal with dissectors
that require any form of outside assistance and how
their use of that assistance can be disabled, etc, so
i'm not really sure what the right approach to this
situation should be.  documenting it might just be
enough...  that's where i need your input...

obviously, just turning off the real-time display of
packets solves the problem, as does disabling the arp
dissector until after the capture is complete.  simply
knowing that these solutions exist might save some
poor sod quite a bit of time thinking through this
some day off in the future..

any thoughts or comments?

cheers.

Peter Dohm
dohmp@xxxxxxxxx
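
The following is an added example, not part of the original message and not Ethereal code: one way to mark, after the fact, the reverse-DNS queries that the capturing host itself issued for addresses it had just seen in ARP traffic, so they can be excluded from analysis. It assumes the packets have already been exported as simple records, that the capture host's address is known, and that a short time window (a heuristic chosen here) links a PTR query to the ARP packet that triggered it.

```python
import ipaddress

# Constructed sample records (not from the original post), as they might be
# exported from a capture: (time_s, kind, source_ip, value).
#   kind "arp":     value = (sender_ip, target_ip) carried in the ARP packet
#   kind "dns_ptr": value = queried name of a DNS PTR query
SAMPLE = [
    (0.00, "arp", "192.0.2.50", ("192.0.2.50", "192.0.2.1")),
    (0.05, "dns_ptr", "192.0.2.10", "50.2.0.192.in-addr.arpa"),
    (0.06, "dns_ptr", "192.0.2.10", "1.2.0.192.in-addr.arpa."),
    (1.00, "dns_ptr", "192.0.2.77", "1.2.0.192.in-addr.arpa"),    # other host
    (5.00, "dns_ptr", "192.0.2.10", "9.113.0.203.in-addr.arpa"),  # never ARPed
    (9.00, "dns_ptr", "192.0.2.10", "1.2.0.192.in-addr.arpa"),    # too late
]

def ptr_name_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # PTR names list the octets in reverse order.
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def self_induced_ptr_queries(records, capture_host, window=2.0):
    """Flag PTR queries sent by capture_host for an address that appeared
    in an ARP packet at most `window` seconds earlier."""
    last_seen = {}   # IP address -> time it was last seen in ARP
    flagged = []
    for t, kind, src, value in sorted(records, key=lambda r: r[0]):
        if kind == "arp":
            for ip in value:
                last_seen[ip] = t
        elif kind == "dns_ptr" and src == capture_host:
            ip = ptr_name_to_ip(value)
            if ip in last_seen and t - last_seen[ip] <= window:
                flagged.append((t, value, ip))
    return flagged

if __name__ == "__main__":
    for t, name, ip in self_induced_ptr_queries(SAMPLE, "192.0.2.10"):
        print(f"{t:6.2f}s  {name}  (ARP mentioned {ip})")
```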