Re: What's the point of "oui Unknown"?

[Hannes Gredler <hannes () juniper net>]

On Sun, Oct 19, 2014 at 05:47:41PM -0400, John Hawkinson wrote:
| Hannes Gredler <hannes () juniper net> wrote on Sun, 19 Oct 2014
| at 23:11:56 +0200 in <20141019211156.GA90046@hannes-mba.local>:
| 
| > make it better ;-) - what do you suggest ? - pull in a OUI table frequently ?
| 
| As I said, I think:
| 
| > | the Unknown oui printing should be removed.
| 
| Because this feels like a half-implemented feature that turns into
| an annoyance. Can we just remove the "Unknown" printing?

i don't find it annoying ;-) -
also it appears that this is the first "annoyance" report after 9 years.
 
| I also don't see a really good way to solve the problem you
| want solved (though I don't realy want it solved...).
| 
| One approach would be to do a realtime lookup of OUIs,
| such as in the DNS.

wireshark periodically pulls in the OUI HTML page from IEEE and then does
some AWK magic to extract the OUI/string tuples ...
 
| Put them in OUI.ARPA (or oui.tcpdump.org) and look them up
| when -n is not specified? Maybe?

hmm perhaps we can add a check that -n flag
also turns off local OUI name resolution ?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers