tcpdump mailing list archives
Re: What's the point of "oui Unknown"?
From: Hannes Gredler <hannes () juniper net>
Date: Sun, 19 Oct 2014 23:11:56 +0200
On Sun, Oct 12, 2014 at 04:00:57PM -0400, John Hawkinson wrote:
| I guess it's been a long time since I've run tcpdump -e.
| On an 802.11 packet, I see:
|
| 15:47:26.928534 0us BSSID:58:f3:9c:e5:a2:cf (oui Unknown) DA:Broadcast
| SA:58:f3:9c:e5:a2:cf (oui Unknown) Beacon (MIT N) [18.0 24.0* 36.0 48.0
| 54.0 Mbit] ESS[|802.11]
|
| That is:
|
|   58:f3:9c:e5:a2:cf (oui Unknown)
|
| is from etheraddr_string() because 58:f3:9c does not appear
| in the list of 14 ouis in oui.c:
|
|   /* FIXME complete OUI list using a script */
|
|   const struct tok oui_values[] = {
|       { OUI_ENCAP_ETHER, "Ethernet" },
|       { OUI_CISCO, "Cisco" },
|       { OUI_NORTEL, "Nortel Networks SONMP" },
|       { OUI_CISCO_90, "Cisco bridged" },
|       { OUI_RFC2684, "Ethernet bridged" },
|       { OUI_ATM_FORUM, "ATM Forum" },
|       { OUI_CABLE_BPDU, "DOCSIS Spanning Tree" },
|       { OUI_APPLETALK, "Appletalk" },
|       { OUI_JUNIPER, "Juniper" },
|       { OUI_HP, "Hewlett-Packard" },
|       { OUI_IEEE_8021_PRIVATE, "IEEE 802.1 Private"},
|       { OUI_IEEE_8023_PRIVATE, "IEEE 802.3 Private"},
|       { OUI_TIA, "ANSI/TIA"},
|       { OUI_DCBX, "DCBX"},
|       { 0, NULL }
|
| What's the thinking here?
|
| Obviously there are thousands of OUIs, and most are not going to ever
| be in tcpdump's list, and it seems like populating oui.c with 20,000
| OUIs may not be the way to go.
|
| The code to do this was added by Hannes Gredler in:
|
|   commit 64690e70e5559c14aade6b2bccb3c05f14718d4c
|   Author: hannes <hannes>
|   Date: Sun Apr 10 07:17:00 2005 +0000
|
|       plumb in oui-name resolution
|
| and is currently (addrtoname.c):
|
|   if (!nflag) {
|       snprintf(cp, BUFSIZE - (2 + 5*3), " (oui %s)",
|           tok2str(oui_values, "Unknown", oui));
|   } else
|
|
| It seems to me that without more robust support this is just annoying
| noise and, at the very least, the Unknown oui printing should be
| removed.
|
| Thoughts?

make it better ;-) - what do you suggest ? - pull in a OUI table frequently ?

/hannes
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
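
An added illustration of the alternative raised in the quoted message, not code from tcpdump or from either poster: the " (oui NAME)" suffix is appended only when the prefix resolves, so an unknown OUI adds nothing to the output. The names `oui_lookup` and `format_mac`, the sorted table and its placeholder vendors are assumptions made for this sketch; it goes beyond the thread by using a binary search, which stays cheap if the table grows to thousands of entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table, sorted by OUI for bsearch(). Locally administered
 * prefixes and placeholder names, so no real vendor assignment is implied. */
struct oui_entry { uint32_t oui; const char *name; };
static const struct oui_entry sample_ouis[] = {
    { 0x020000, "Sample Vendor A" },
    { 0x0200aa, "Sample Vendor B" },
    { 0x02beef, "Sample Vendor C" },
};
#define N_OUIS (sizeof(sample_ouis) / sizeof(sample_ouis[0]))

static int cmp_oui(const void *key, const void *elem)
{
    uint32_t k = *(const uint32_t *)key;
    uint32_t e = ((const struct oui_entry *)elem)->oui;
    return (k > e) - (k < e);
}

/* Returns the vendor name, or NULL when the OUI is not in the table. */
const char *oui_lookup(uint32_t oui)
{
    const struct oui_entry *hit = bsearch(&oui, sample_ouis, N_OUIS,
                                          sizeof(sample_ouis[0]), cmp_oui);
    return hit ? hit->name : NULL;
}

/* Writes "xx:xx:xx:xx:xx:xx", plus " (oui NAME)" only if resolve is set
 * and the OUI is known. Output is always NUL-terminated within len. */
char *format_mac(const uint8_t mac[6], int resolve, char *buf, size_t len)
{
    uint32_t oui = ((uint32_t)mac[0] << 16) | ((uint32_t)mac[1] << 8) | mac[2];
    int n = snprintf(buf, len, "%02x:%02x:%02x:%02x:%02x:%02x",
                     mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    const char *name = resolve ? oui_lookup(oui) : NULL;
    if (name != NULL && n > 0 && (size_t)n < len)
        snprintf(buf + n, len - (size_t)n, " (oui %s)", name);
    return buf;
}

int main(void)
{
    char buf[64];
    const uint8_t beacon[6] = { 0x58, 0xf3, 0x9c, 0xe5, 0xa2, 0xcf }; /* from the post */
    const uint8_t known[6]  = { 0x02, 0x00, 0xaa, 0x01, 0x02, 0x03 }; /* constructed */
    puts(format_mac(beacon, 1, buf, sizeof buf));
    puts(format_mac(known, 1, buf, sizeof buf));
    return 0;
}
```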