ethernet vendor strings in ethernet addresses

Carter Bullard carter at qosient.com
Mon Feb 13 20:30:04 EST 2012


Gentle people,
I have added ethernet vendor string support when printing ethernet addresses.
This is controlled from the rarc file. You specify where the vendor file will be
coming from, and you specify whether you want it or not. We are reading
a Wireshark manuf formatted file, which you can get from Wireshark. I went
this route rather than hard coding the codes. I've included a new version
of the file in the client distribution, and we install it into the same place
where the delegated-ip.txt file goes that holds the country codes.

If you would like a command-line switch to turn this on or off, maybe a
"-M ethervendor" option? Not sure how Wireshark turns this on or off.
Suggestions are welcome.

The feature is off by default. I've included the new text below.

# All ra* clients have the ability to print vendor names for the
# vendor part of ethernet addresses that are in flow records.
# ra* programs get their strings for the ethernet vendors using
# the Wireshark 'manuf' file that is provided with the distribution.
#
# No Commandline equivalent
#
#RA_PRINT_ETHERNET_VENDORS="no"
#RA_ETHERNET_VENDORS="/usr/local/argus/wireshark.manuf.txt"

This will be available in argus-clients-3.0.5.32 when I put it up tomorrow.

Carter 
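
The lookup described in the message above, as an added example that is not part of the original post or of the argus code: Python that parses a Wireshark manuf-style file and resolves an ethernet address to a vendor string by longest-prefix match. The sample entries, the "ExampleCo" name and all function names are constructed for illustration.

```python
import re

# Constructed sample in the Wireshark 'manuf' layout: prefix[/bits], short
# name, optional '#' comment. Not taken from the real file.
SAMPLE_MANUF = """\
# constructed sample
00:00:0C\tCisco\t# Cisco Systems, Inc
00-50-C2\tIeeeRegi\t# IEEE Registration Authority
00:50:C2:00:10:00/36\tExampleCo\t# constructed /36 sub-block
"""

def _to_int(hexstr):
    """Return (value, width_in_bits) for an address written with : - or . separators."""
    digits = re.sub(r"[:.\-]", "", hexstr)
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits) or len(digits) % 2 or len(digits) > 12:
        raise ValueError("not an ethernet address or prefix: %r" % hexstr)
    return int(digits, 16), len(digits) * 4

def parse_manuf(text):
    """Build {(prefix_bits, prefix_value): short_name}; malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].strip().split(None, 1)
        if len(fields) < 2:
            continue
        addr, _, mask = fields[0].partition("/")
        try:
            value, width = _to_int(addr)
            bits = int(mask) if mask else width
        except ValueError:
            continue
        if 0 < bits <= width:
            table[(bits, value >> (width - bits))] = fields[1].split("\t")[0].strip()
    return table

def is_locally_administered(mac):
    """True when the U/L bit is set: the address was not assigned from a vendor block."""
    value, _ = _to_int(mac)
    return bool((value >> 40) & 0x02)

def lookup(table, mac):
    """Most specific vendor entry covering a full 48-bit address, or None."""
    value, width = _to_int(mac)
    if width != 48:
        raise ValueError("expected a full 48-bit address")
    for bits in sorted({b for b, _ in table}, reverse=True):
        name = table.get((bits, value >> (48 - bits)))
        if name:
            return name
    return None
```

A vendor string is a hint for triage, not an identity: the address is set by the sending host, and a locally administered address carries no vendor prefix at all.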


