tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What's the point of "oui Unknown"?

From: Michael Richardson <mcr () sandelman ca>
Date: Wed, 22 Oct 2014 13:07:09 -0400

Hannes Gredler <hannes () juniper net> wrote:
    > | Because this feels like a half-implemented feature that turns into |
    > an annoyance. Can we just remove the "Unknown" printing?

    > i don't find it annoying ;-) - also it appears that this is the first
    > "annoyance" report after 9 years.

    > | I also don't see a really good way to solve the problem you | want
    > solved (though I don't realy want it solved...).
    > |
    > | One approach would be to do a realtime lookup of OUIs, | such as in
    > the DNS.

    > wireshark periodically pulls in the OUI HTML page from IEEE and then
    > does some AWK magic to extract the OUI/string tuples ...

    > | Put them in OUI.ARPA (or oui.tcpdump.org) and look them up | when -n
    > is not specified? Maybe?

    > hmm perhaps we can add a check that -n flag also turns off local OUI

If there was energy for oui.tcpdump.org, I'm pretty sure that I can some
places with big DNS infrastructure to host it.   If the AWK script can
generate a DNS table, having that lookup out there is actually really really
valuable.

In the interim, I suggest removing the word "oui", and also the "unknown"
string.  We'll report the things in our table, and just won't bother with
bytes of output that don't help.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: