On Sun, Apr 27, 2003 at 11:06:19PM +0000, Mimic Fox wrote:
> I dumped the packets generated by Ethereal,
> and I confirmed Ethereal sent no netbios queries in fact.
>
> If Ethereal uses gethostbyaddr() or getnameinfo() in Windows2000 or older,
> Ethereal would send netbios name service queries for addr-to-name
> resolution.
It *does* use "gethostbyaddr()", so either
1) Ethereal does send NetBIOS name service queries
or
2) your assertion that "If Ethereal uses gethostbyaddr() or
getnameinfo() in Windows2000 or older, Ethereal would send
netbios name service queries for addr-to-name resolution" is
incorrect.
Therefore, either
1) it's sending them, but you missed them (you are looking both
for packets sent to the WINS server *AND* NetBIOS Name
Service "NODE STATUS REQUEST" packets sent to the IP address
to be resolved, right?)
or
2) your assertion is incorrect.
> I guess that Ethereal uses a special function, not a standard API,
> for addr-to-name resolution. Right?
Wrong. Don't guess, read the source code - "epan/resolv.c", in
particular. See "get_hostname()", which calls "host_name_lookup()",
which calls "gethostbyaddr()".
