ethernet vendor strings in ethernet addresses

Carter Bullard carter at qosient.com
Wed Feb 15 14:12:54 EST 2012 

Hey /Elof,
OK, done.  I've put in "-M oui" to turn on ethernet vendor printing.
If a wireshark.manuf.txt formatted file hasn't been configured or is not available, then
the option will have no effect.  I also added 'soui' and 'doui' as printable, sortable
and aggregatable objects, if you wanted to deal with the oui as a separate attribute.
All man pages and '-h' output have been updated for the new features.

I know you won't be using this, but I really appreciate the input !!!!
Thanks !!!!

Carter

On Feb 14, 2012, at 7:48 AM, elof2 at sentor.se wrote:

> 
> Personally I won't be using this new feature, but I think it is nice to have.
> 
> Yes, I believe there should be a commandline option to set this (or override the .rarc setting).
> 
> /Elof
> 
> 
> 
> On Mon, 13 Feb 2012, Carter Bullard wrote:
> 
>> Gentle people,
>> I have added ethernet vendor string support when printing ethernet addresses.
>> This is controlled from the rarc file.  You specify where the vendor file will be
>> coming from, and you specify whether you want it or not.   We are reading
>> a wireshark manuf formatted file, which you can get from wireshark.  I went
>> this route rather than hard coding the codes.  I've included a new version
>> of the file in the client distribution, and we install it into the same place
>> where the delegated-ip.txt file goes that holds the country codes.
>> 
>> If you would like a command-line switch to turn this on or off, maybe a
>> "-M ethervendor" option?  Not sure how wireshark turns this on or off.
>> Suggestions are welcome.
>> 
>> The feature is off by default.  I've included the new text below.
>> 
>> # All ra* clients have the ability to print vendor names for the
>> # vendor part of ethernet addresses, that are in flow records.
>> # ra* programs gets its strings for the ethernet vendors using
>> # the Wireshark 'manuf' file, that is provided with the distribution.
>> #
>> # No Commandline equivalent
>> #
>> #RA_PRINT_ETHERNET_VENDORS="no"
>> #RA_ETHERNET_VENDORS="/usr/local/argus/wireshark.manuf.txt"
>> 
>> This will be available in argus-clients-3.0.5.32 when I put it up tomorrow.
>> 
>> Carter
>> 
>> 
>> 
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120215/759ae161/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120215/759ae161/attachment.bin>

More information about the argus mailing list