This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

NBNS queries slowing Wireshark capture filter input

2

I wondered why Wireshark (I run 1.5 SVN Rev 35637) always stopped after the first octet (and usually after each other octet as well) whenever I entered a capture filter starting like "host 192.168.0.1", so I captured my PC with a second Wireshark while entering the filter in the first.

What I found was, that my PC (running Win7x64) tried to do a NBNS query for "192<00>", then another for "192.168<00>", then "192.168.0<00>" and finally "192.168.0.1<00>". Each query was repeated at least twice (with no answer coming in), taking about 800ms per try.

My question is: why does Wireshark do that, and what is THIS good for? It is really really annoying :-)

asked 26 Apr '11, 10:24

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

One Answer:

1

That is due to the "capture filter syntax checking" that was introduced (by me actually). It is listed as bug 5356 on bugzilla and needs to be fixed :-)

answered 27 Apr '11, 09:04

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thanks, good to know :-)

(27 Apr '11, 09:06) Jasper ♦♦