Latest version: 2.1.0
MAC Vendor Resolution
Using the manuf file (the MAC vendor database file) from Wireshark, we resolve the vendor part (the first 3 bytes) of each MAC address and raise a priority 1 alert, "unknown MAC vendor", if that prefix is not found in the file.
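The lookup described above, as an added Python example (not the plugin's own code): it parses manuf-style lines, keeps only the 3-byte (24-bit) prefixes, and builds the priority 1 alert for a MAC whose prefix is missing. The sample data, the function names and the alert dictionary are assumptions, and the locally administered flag is an added triage hint rather than something the plugin is documented to report.

```python
import io
import re

SAMPLE_MANUF = """\
# Constructed sample in manuf layout (assumed: prefix, short name, long name)
00:00:0C\tCisco\tCisco Systems, Inc
00-50-56\tVMware\tVMware, Inc.
00:1B:C5:00:00:00/36\tExample36\tLonger prefix, skipped here
"""

def load_manuf(fileobj):
    """Return {OUI as 6 upper-case hex digits: short vendor name}."""
    vendors = {}
    for line in fileobj:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\s+", line, maxsplit=2)
        if len(fields) < 2:
            continue
        prefix, _, mask = fields[0].partition("/")
        digits = re.sub(r"[:.\-]", "", prefix).upper()
        if mask == "24":
            digits = digits[:6]
        elif mask:
            continue  # longer prefixes: only the first 3 bytes are resolved
        if not re.fullmatch(r"[0-9A-F]{6}", digits):
            continue
        vendors[digits] = fields[1]
    return vendors

def check_mac(mac, vendors):
    """Return (vendor, alert); alert is None when the prefix is known."""
    digits = re.sub(r"[:.\-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    vendor = vendors.get(digits[:6])
    if vendor is not None:
        return vendor, None
    # Hypothetical alert record. Bit 0x02 of the first octet marks a locally
    # administered address, which never has a vendor entry (added triage hint).
    alert = {"priority": 1, "message": "unknown MAC vendor", "mac": mac,
             "locally_administered": bool(int(digits[:2], 16) & 0x02)}
    return None, alert

if __name__ == "__main__":
    table = load_manuf(io.StringIO(SAMPLE_MANUF))
    for mac in ("00:00:0c:12:34:56", "00:1B:C5:00:00:01", "02:42:ac:11:00:02"):
        print(mac, check_mac(mac, table))
```

To run it against a real database, pass an open handle on the installed manuf file to `load_manuf` instead of the constructed sample.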
To build the plugin, make sure Wireshark is installed.
If the plugin is enabled when running the configure script, the script looks for the manuf file in the common locations (/usr/share/wireshark/manuf and /usr/local/share/wireshark/manuf). If the file is in neither location, you can specify it manually with --with-manuf.
Installation and configuration
At installation, a link will be created to the manuf file. No further configuration is necessary.
An example of "unknown MAC vendor" alert