mailing list archives
Re: Memory consumption in tshark
From: Anders Broman <anders.broman () ericsson com>
Date: Thu, 29 Aug 2013 15:20:33 +0000
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Dario Lombardo
Sent: den 29 augusti 2013 17:07
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Memory consumption in tshark
On Thu, Aug 29, 2013 at 4:35 PM, Evan Huus <eapache () gmail com<mailto:eapache () gmail com>> wrote:
Basically, but it's also more. If your capture contains a DNS packet resolving a name in a certain way, and the system
name resolver gives a different answer, we prefer the DNS packet in the capture (since presumably the capture was on
some local network where that name resolves differently). For this reason we can't just drop old cache entries unless
name resolution is disabled completely.
That's really interesting. This means that if a DNS packet with a fake resolution is got, it can pollute the "cache".
I've triggered this behaviour in the attached pcap file. It appears that I'm pinging google (in my svn wireshark),
while actually I'm pinging a private addres :).
We should probably have a ****load of parameter to tune the behavior of address resolution :) As there seems to be many
opinions on the subject.
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe