ethernet vendor strings in ethernet addresses
elof2 at sentor.se
elof2 at sentor.se
Tue Feb 14 07:48:47 EST 2012
Personally I won't be using this new feature, but I think it is nice to
have.
Yes, I believe there should be a commandline option to set this (or
override the .rarc setting).
/Elof
On Mon, 13 Feb 2012, Carter Bullard wrote:
> Gentle people,
> I have added ethernet vendor string support when printing ethernet addresses.
> This is controlled from the rarc file. You specify where the vendor file will be
> coming from, and you specify whether you want it or not. We are reading
> a wireshark manuf formatted file, which you can get from wireshark. I went
> this route rather than hard coding the codes. I've included a new version
> of the file in the client distribution, and we install it into the same place
> where the delegated-ip.txt file goes that holds the country codes.
>
> If you would like a command-line switch to turn this on or off, maybe a
> "-M ethervendor" option? Not sure how wireshark turns this on or off.
> Suggestions are welcome.
>
> The feature is off by default. I've included the new text below.
>
> # All ra* clients have the ability to print vendor names for the
> # vendor part of ethernet addresses, that are in flow records.
> # ra* programs gets its strings for the ethernet vendors using
> # the Wireshark 'manuf' file, that is provided with the distribution.
> #
> # No Commandline equivalent
> #
> #RA_PRINT_ETHERNET_VENDORS="no"
> #RA_ETHERNET_VENDORS="/usr/local/argus/wireshark.manuf.txt"
>
> This will be available in argus-clients-3.0.5.32 when I put it up tomorrow.
>
> Carter
>
>
>
>
More information about the argus
mailing list