Anders Broman skrev 2013-08-29 17:20:
*From:*[email protected]
[mailto:[email protected]] *On Behalf Of *Dario Lombardo
*Sent:* den 29 augusti 2013 17:07
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Memory consumption in tshark
On Thu, Aug 29, 2013 at 4:35 PM, Evan Huus <[email protected]
<mailto:[email protected]>> wrote:
Basically, but it's also more. If your capture contains a DNS
packet resolving a name in a certain way, and the system name
resolver gives a different answer, we prefer the DNS packet in the
capture (since presumably the capture was on some local network
where that name resolves differently). For this reason we can't
just drop old cache entries unless name resolution is disabled
completely.
That's really interesting. This means that if a DNS packet with a fake
resolution is got, it can pollute the "cache".
I've triggered this behaviour in the attached pcap file. It appears
that I'm pinging google (in my svn wireshark), while actually I'm
pinging a private addres :).
We should probably have a ****load of parameter to tune the behavior
of address resolution JAs there seems to be many opinions on the subject.
I have checked in a change to not store addresses in the hash table when
name resolution is off. It remains to do changes to not store unresolved
addresses when address resolution is used.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
