Ask Your Question
0

MAC Name resolution

asked 2019-04-06 14:29:32 +0000

bwinslow gravatar image

I have looked for the ethers file, but it does not exist in any wireshark directory, I am using window 10 x64. I have created the ethers file and placed in every directory I can think to place it in, but I am still unable to have the MACs resolved to names. I have even added the MACs I want resolved to the wka file, as that actually exists.

I have restarted wireshark after every change I have made. Resolve MAC addresses is enabled in preferences > name resolution.

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted
0

answered 2019-04-08 19:20:47 +0000

bwinslow gravatar image

I found that I can add MAC addresses and host names for them to resolve to in the manuf file in the wireshark program directory.

edit flag offensive delete link more

Comments

But if you put the same entries into a new ethers file in the same directory, it doesn't work?

Guy Harris gravatar imageGuy Harris ( 2019-04-08 19:37:29 +0000 )edit

Correct. I think it may have been a file type issue, since the file didn't exist to begin with. When I edited the manuf file, I had to move it out of this directory to edit and move it back because my permissions would not allow me to save something within that directory, but i could paste something into it, or delete files, which doesn't make sense.. I would have to ask our administrator about those permissions.

bwinslow gravatar imagebwinslow ( 2019-04-09 12:11:46 +0000 )edit
0

answered 2019-04-07 21:59:25 +0000

SYN-bit gravatar image

There is no "ethers" file by default, so indeed you need to create it yourself. I just tested this on Wireshark 2.6.7 and can confirm that it does work with the following caveats:

  1. The "ethers" file will only be read at the startup of Wireshark (so reloading a file or reading a new one will not load it, which one might consider a bug)
  2. The "ethers" resolving is not configuration profile aware, this means the "ethers" file in your default personal preferences folder will be used (and it will be used with all profiles). "ethers" files in Configuration profile directories are ignored (which one might consider a bug).

The file format of the ethers file is:

xx:xx:xx:xx:xx:xx    host-xxx
yy:yy:yy:yy:yy:yy    host-yada
edit flag offensive delete link more

Comments

Is there a specific file type the file needs to be saved as? I have closed and restarted wireshark with every iteration I have tried. I tried with your formatting with spaces, with tabs (as it looks like you have), with the host-name format, with just the name. I reinstalled wireshark, and still no luck. I have been trying in the default view, and tried in other profiles each time.

bwinslow gravatar imagebwinslow ( 2019-04-08 11:50:56 +0000 )edit

Which version of Wireshark are you using and on what OS?

SYN-bit gravatar imageSYN-bit ( 2019-04-09 08:12:43 +0000 )edit

I was using version 3 on windows 10, but have uninstalled and am using v2.6.7.0 now, but have not tried to change or look for an ethers file yet. I made this change due to other issues I was having with wireshark crashing.

bwinslow gravatar imagebwinslow ( 2019-04-09 12:12:09 +0000 )edit
0

answered 2019-04-06 15:54:08 +0000

Jaap gravatar image

If you want to know where files are, go to the About Wireshark dialog. On the Folder panel you'll see the directories for the different kind of files listed there. The ethers file you are looking for is in the folder listed as System.

edit flag offensive delete link more

Comments

The problem is that it isn't actually there. I did see it listed as a "Typical file" there in the about wireshark > folders tab, but the file did not exist in that directory. As I said, I created the file because it didn't exist, but it still did not work.

bwinslow gravatar imagebwinslow ( 2019-04-06 15:58:04 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-04-06 14:29:32 +0000

Seen: 78 times

Last updated: Apr 08