Wireshark-bugs: [Wireshark-bugs] [Bug 11470] New: Incorrect and ambiguous network name resolutio
Date: Tue, 25 Aug 2015 20:54:54 +0000
Bug ID 11470
Summary Incorrect and ambiguous network name resolution
Product Wireshark
Version Git
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter Christopher.Maynard@igt.com

Build Information:
Version 1.99.9 (v1.99.9rc0-393-g571f254 from master)

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8,
with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with
c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Aug 25 2015), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
English_United States.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.2.15, with Gcrypt 1.6.2, with AirPcap 4.1.3 build 3348.
       Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz (with SSE4.2), with 8072MB of
physical memory.


Built using Microsoft Visual C++ 10.0 build 30319

--
For starters: Given a pcapng file containing a name resolution block (NRB), if
"Resolve network (IP) addresses" is enabled, Wireshark will initially always
use the captured DNS packet data for address resolution, even if that option is
disabled.

Another issue is that if both "Use captured DNS packet data for address
resolution" and "Only use the profile "hosts" file" are enabled, Wireshark will
still initially use the information contained within the NRB. This is OK I
suppose, as Wireshark is simply giving precedence to the NRB data over the hosts
file data, although there is an ambiguity here because it's not obvious which one
takes priority. But less OK is that now if you disable the "Only use the profile
hosts file" option while leaving "Use captured DNS packet data for address
resolution" enabled, Wireshark actually uses the hosts file data and ignores
the NRB information - the complete opposite of what one would expect.

Perhaps what is needed to resolve the ambiguity problem is a re-thinking of the
various Wireshark name resolution preferences. I don't know, but maybe having
an explicit drop-down of allowed network name resolution choices rather than
having separate check boxes?
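
To see which names a capture file itself carries, independently of any Wireshark preference, the NRB can be read directly. The following is an added example, not part of the bug report and not Wireshark code: it extracts the IPv4/IPv6 records from every NRB in a pcapng byte string and lists the addresses that a hosts-format text names differently. The function names, the sample capture and the host names are constructed for illustration, and it says nothing about which source Wireshark prefers.

```python
import ipaddress
import struct

SHB_TYPE, NRB_TYPE = 0x0A0D0D0A, 0x00000004

def parse_records(body, endian, out):
    """Collect nrb_record_ipv4 (1) and nrb_record_ipv6 (2) entries into out."""
    pos = 0
    while pos + 4 <= len(body):
        rtype, rlen = struct.unpack_from(endian + "HH", body, pos)
        if rtype == 0:                       # nrb_record_end; options may follow
            break
        value = body[pos + 4:pos + 4 + rlen]
        if len(value) < rlen:
            raise ValueError("truncated NRB record")
        alen = {1: 4, 2: 16}.get(rtype)      # address length for the record type
        if alen and rlen > alen:
            addr = str(ipaddress.ip_address(value[:alen]))
            names = [n.decode("utf-8", "replace") for n in value[alen:].split(b"\0") if n]
            out.setdefault(addr, []).extend(names)
        pos += 4 + ((rlen + 3) & ~3)         # record values are padded to 32 bits

def nrb_names(data):
    """Return {address: [names]} from every NRB in a pcapng byte string."""
    out, off, endian = {}, 0, "<"
    while off + 12 <= len(data):
        if struct.unpack_from("<I", data, off)[0] == SHB_TYPE:   # palindromic type
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError("bad block length at offset %d" % off)
        if btype == NRB_TYPE:
            parse_records(data[off + 8:off + blen - 4], endian, out)
        off += blen
    return out

def conflicts(nrb, hosts_text):
    """Addresses that the NRB and a hosts-format text name differently."""
    rows = (line.split("#")[0].split() for line in hosts_text.splitlines())
    hosts = {r[0]: r[1] for r in rows if len(r) >= 2}
    return {a: (n, hosts[a]) for a, n in nrb.items() if a in hosts and hosts[a] not in n}

def sample_capture():                        # constructed little-endian pcapng: SHB + NRB
    blk = lambda t, b: struct.pack("<II", t, 12 + len(b)) + b + struct.pack("<I", 12 + len(b))
    rec = struct.pack("<HH", 1, 21) + bytes([192, 0, 2, 10]) + b"from-nrb.example\0" + b"\0" * 3
    return blk(SHB_TYPE, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)) + blk(NRB_TYPE, rec + b"\0" * 4)
```

Calling `conflicts(nrb_names(data), hosts_text)` on a real capture and profile hosts file shows exactly the addresses for which the displayed name depends on which source takes priority.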
