> Gilbert Ramirez <[EMAIL PROTECTED]> is suggesting DNS records to 
> accompany the data in a new tcpdump file format.  If this becomes a reality,
> PLEASE make it an optional feature (alternate reality).

The intent was not to oblige all packet capture programs to resolve IP
addresses while they are capturing.  That's not what his proposal
requires.

The intent was to allow a capture program that either does so *or*
resolves them after a capture is complete to put, in the capture file,
the results of the resolution.

Ethereal, for example, only resolves host names during a capture if

        1) you're doing an "Update list of packets in real time" capture
           (which means the Ethereal display shows the set of packets
           that have been captured so far)

*and*

        2) have enabled network name resolution.

If you're not doing an "Update list of packets in real time" capture, it
just writes packets to the capture file as the capture is taking place,
and does resolution of IP addresses to names later when it reads the
capture file after you've stopped the capture (and, even then, does so
only if you've enabled network name resolution).

In any case, while Ethereal is reading and dissecting packets in a
capture file ("Update list of packets in real time" means that it reads
the capture file as stuff gets written to it), it caches the result of a
DNS lookup, so if the name for an address might change moment to moment,
it won't give you what you want; so it goes.

Tcpdump can't both write to a capture file and dissect at the same time
("-w" turns off the printed dissection), so this wouldn't affect
tcpdump.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html