Manuals / Lucent Technologies / Computer Equipment / Network Card

Lucent Technologies Ethereal manual Name Resolution, Ethernet name resolution MAC layer

Models: Ethereal

1 199
Download 199 pages 450 b
Page 138
Image 138

Advanced Features

7.4. Name Resolution

Name resolution tries to resolve some of the numerical address values to human readable names. There are two possible ways to do this conversations, depending on the resolution to be done: call- ing system/network services (like the gethostname function) and/or evaluate from Ethereal specific configuration files. If there are both features available, Ethereal will first try the system services and then fall back to it's own configuration files. XXX - is this really true? For details about the config- uration files Ethereal uses for name resolution and alike, see Appendix A, Configuration (and other) Files and Folders.

However, be prepared that this conversion often will fail, e.g. the name to be resolved might simply be unknown by the servers asked and not found in the configuration files.

Note!

You may see packets to/from your machine in your capture file, which are caused by name resolution network services (e.g. DNS packets).

Note!

The resolved names are not stored in the capture file or somewhere else, so the re- solved names might not be available if you open the capture file later or on a different machine.

Tip!

The name resolution in the packet list is done while the list is filled. If a name could be resolved after a packet was added to the list, that entry won't be changed. As the name resolution results are cached, you can use "View/Reload" to rebuild the packet list, this time with the correctly resolved names.

The name resolution feature can be en-/disabled separately for the following protocol layers (in brackets):

7.4.1. Ethernet name resolution (MAC layer)

ARP name resolution (system service) Ethereal will ask the operating system to convert an ether- net address to the corresponding IP address (e.g. 00:09:5b:01:02:03 -> 192.168.0.1).

Ethernet codes (ethers file) If the ARP name resolution failed, Ethereal tries to convert the ethernet address to a known device name, which has been assigned by the user using an ethers file (e.g. 00:09:5b:01:02:03 -> homerouter).

Ethernet manufacturer codes (manuf file) If both ARP and ethers didn't returned a result, Ethere- al tries to convert the first 3 bytes of an ethernet address to an abbreviated manufacturer name, which has been assigned by the IETF (e.g. 00:09:5b:01:02:03 -> Netgear_01:02:03).

7.4.2. IP name resolution (network layer)

DNS/ADNS name resolution (system/library service) Ethereal will ask the operating system (or the ADNS library), to convert an IP address to the hostname associated with it (e.g. 65.208.228.223 -> www.ethereal.com). The DNS service is using synchronous calls to the DNS server. So Ethereal will stop responding until a response to a DNS request is returned. If possible, you might consider using the ADNS library (which won't wait for a network response).

Warning!

124

Page 137 Page 139
Page 138
Image 138
Lucent Technologies Ethereal manual Name Resolution, Ethernet name resolution MAC layer, IP name resolution network layer
Page 137 Page 139