On Thu, Aug 29, 2013 at 4:35 PM, Evan Huus <eapa...@gmail.com> wrote:

> Basically, but it's also more. If your capture contains a DNS packet
> resolving a name in a certain way, and the system name resolver gives a
> different answer, we prefer the DNS packet in the capture (since presumably
> the capture was on some local network where that name resolves
> differently). For this reason we can't just drop old cache entries unless
> name resolution is disabled completely.
>
That's really interesting. This means that if a DNS packet with a fake
resolution is got, it can pollute the "cache".
I've triggered this behaviour in the attached pcap file. It appears that
I'm pinging google (in my svn wireshark), while actually I'm pinging a
private address :).

Attachment: wireshark-resolution-bug.pcapng
Description: Binary data

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
