Latest version: 2.1.0

MAC Vendor Resolution

Using the manuf file (the MAC vendor database shipped with Wireshark), the plugin resolves the vendor part (first 3 bytes) of each MAC address and raises a priority 1 alert, "unknown MAC vendor", if that prefix is not found in the file.

Build

To build the plugin, first make sure Wireshark is installed:

  apt-get install wireshark

If the plugin is enabled when running the configure script, the script looks for the manuf file in the common directories (/usr/share/wireshark/manuf and /usr/local/share/wireshark/manuf). If the file is not in either of these two directories, you can specify its location manually with --with-manuf:

  ./configure --enable-mac-resolv --with-manuf=PATH/TO/MANUF

Installation and configuration

At installation, a link will be created to the manuf file. No further configuration is necessary.

Example

An example of an "unknown MAC vendor" alert:

  Reason:  :unknown mac vendor
  MAC:     :2:fd:0:0:5:1
  MAC2:    :n/a
  IPv6:    :fe80::fd:ff:fe00:501
  DNS:     :n/a
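
The vendor-prefix lookup described above, as an added C example (not NDPMon's own code). The names mac_oui, vendor_lookup and SAMPLE_MANUF are hypothetical, the manuf data is a constructed sample assumed to be tab-separated, and only plain 24-bit entries are matched.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample in manuf layout (tab-separated); names are placeholders. */
static const char SAMPLE_MANUF[] =
    "# comment line\n"
    "00:00:5E\tExampleA\tExample Vendor A\n"
    "00:1B:21:30:00:00/28\tMasked\tLonger-than-24-bit entry\n"
    "F0:DE:F1\tExampleB\tExample Vendor B\n";

/* Parse a MAC as printed in the alert (octets may lack leading zeros,
 * e.g. "2:fd:0:0:5:1"); return the 24-bit vendor prefix or -1 if malformed. */
long mac_oui(const char *mac)
{
    unsigned o[6];
    char extra;
    if (sscanf(mac, "%x:%x:%x:%x:%x:%x%c",
               &o[0], &o[1], &o[2], &o[3], &o[4], &o[5], &extra) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (o[i] > 0xff) return -1;
    return (long)((o[0] << 16) | (o[1] << 8) | o[2]);
}

/* Return 1 and copy the short vendor name if the prefix is listed, else 0:
 * the "unknown mac vendor" case. Masked (/28, /36) entries are skipped. */
int vendor_lookup(const char *manuf, long oui, char *name, size_t len)
{
    for (const char *p = manuf; *p; p += (*p == '\n')) {
        unsigned a, b, c;
        char sep, vend[64];
        if (sscanf(p, "%2x:%2x:%2x%c%63[^\t\n]", &a, &b, &c, &sep, vend) == 5
            && sep == '\t' && (long)((a << 16) | (b << 8) | c) == oui) {
            snprintf(name, len, "%s", vend);
            return 1;
        }
        p += strcspn(p, "\n");   /* advance to the end of this line */
    }
    return 0;
}

int main(void)
{
    const char *macs[] = { "2:fd:0:0:5:1", "f0:de:f1:12:34:56" };
    char name[64];
    for (int i = 0; i < 2; i++)
        printf("%s -> %s\n", macs[i],
               vendor_lookup(SAMPLE_MANUF, mac_oui(macs[i]), name, sizeof name)
                   ? name : "unknown mac vendor");
    return 0;
}
```

The MAC from the alert above normalises to the prefix 02:fd:00, which the sample file does not list, so the lookup reports it as unknown.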