Ask Your Question
0

Update the Wireshark OUI manufacturer database?

asked 2018-10-28 13:14:40 +0000

naboznyk gravatar image

I frequently come across OUIs that are not in the Wireshark manufacturer database.

Is there a process to contribute missing OUIs with manufacturer information to improve the database?

Thanks!

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-10-28 18:50:17 +0000

Guy Harris gravatar image

The manufacturer database is generated by a script; the comment near the beginning of the script says:

Make-manuf creates a file containing ethernet OUIs and their company IDs. It merges the databases at IEEE with entries in our template file. Our file in turn contains entries from http://www.cavebear.com/archive/caveb... along with our own.

The script reads the comments at the top of "manuf.tmpl" and writes them to "manuf". It then joins the manufacturer listing in "manuf.tmpl" with the listing in "oui.txt", "iab.txt", etc, with the entries in "manuf.tmpl" taking precedence.

It's run periodically, with the resulting manuf file being committed to the Wireshark Git repository.

If the OUIs you're finding are in one of the IEEE databases, then either your manuf file was generated at a time when they weren't in one of those databases or the script isn't working correctly.

If the OUIs you're finding aren't in one of the IEEE databases, then they need to be added to the manuf.tmpl file.

edit flag offensive delete link more

Comments

I get that, but the manuf.tmpl file is just for my local instance of Wireshark, right?

Is there a way to update the "master" manufacturer database so that everyone benefits from the new information?

I frequently find devices that are not in the database and it is not like they are new devices that might not have been added yet. I thought there might be a way to add new information to the database for everyone.

naboznyk gravatar imagenaboznyk ( 2018-10-28 22:22:07 +0000 )edit

but the manuf.tmpl file is just for my local instance of Wireshark, right

No. It's not read by Wireshark, it's read by the script, which is run when Wireshark is built, not when it's run.

Is there a way to update the "master" manufacturer database so that everyone benefits from the new information?

There's no single "master" database. There's the IEEE database, and there's the Wireshark manuf.tmpl file, which adds entries that, for whatever reason, aren't in the IEEE database.

To update the IEEE database, you would have to contact the IEEE Registration Authority, and they might only accept an OUI value from the vendor to whom the OUI is assigned, so you might not be able to update that.

If not, you'd have to submit a patch to Wireshark to update the manuf.tmpl file to include the new ...(more)

Guy Harris gravatar imageGuy Harris ( 2018-10-29 02:35:05 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-10-28 13:14:40 +0000

Seen: 3,148 times

Last updated: Oct 28 '18

Related questions

Missing OUIs with OUI Lookup Tool

Wireshark OUI Lookup Tool Broken

Can I embed wireshark's OUI lookup in my website?

wireshark built-in database

Does Wireshark provide the ability to lookup strings like it does for values?

Get IP/host informations of an app.

Is there a way to view what machine utilized the packet capture for the trace file?

Can I reprogram / change the OUI using Wireshark, provided that it is not write protected / read only?

Storing packets on Data Base

MAC address without OUI