Latest version: 2.1.0

NDPMon in the press






edit SideBar

MAC Vendor Resolution

By using the manuf file (MAC vendors database file) from Wireshark, we perform resolution of the corresponding part (first 3 bytes) of MAC addresses and raise a priority 1 alert "unknown MAC vendor" if it is not found in that file.


To build it, make sure to install Wireshark

  1. apt-get install wireshark

If the plugin is enabled when running the configure script, it will look for the manuf file in common directories (/usr/share/wireshark/manuf and /usr/local/share/wireshark/manuf). If it is not located in any of these two directories, you can specify manually the file with --with-manuf

  1. ./configure --enable-mac-resolv --with-manuf=PATH/TO/MANUF

Installation and configuration

At installation, a link will be created to the manuf file. No further configuration is necessary.


An example of "unknown MAC vendor" alert

  1. Reason:  :unknown mac vendor
  2. MAC:     :2:fd:0:0:5:1
  3. MAC2:    :n/a
  4. IPv6:    :fe80::fd:ff:fe00:501
  5. DNS:     :n/a