# MAC Name resolution

I have looked for the ethers file, but it does not exist in any wireshark directory, I am using window 10 x64. I have created the ethers file and placed in every directory I can think to place it in, but I am still unable to have the MACs resolved to names. I have even added the MACs I want resolved to the wka file, as that actually exists.

I have restarted wireshark after every change I have made. Resolve MAC addresses is enabled in preferences > name resolution.

edit retag close merge delete

Sort by » oldest newest most voted

I found that I can add MAC addresses and host names for them to resolve to in the manuf file in the wireshark program directory.

more

But if you put the same entries into a new ethers file in the same directory, it doesn't work?

( 2019-04-08 19:37:29 +0000 )edit

Correct. I think it may have been a file type issue, since the file didn't exist to begin with. When I edited the manuf file, I had to move it out of this directory to edit and move it back because my permissions would not allow me to save something within that directory, but i could paste something into it, or delete files, which doesn't make sense.. I would have to ask our administrator about those permissions.

( 2019-04-09 12:11:46 +0000 )edit

There is no "ethers" file by default, so indeed you need to create it yourself. I just tested this on Wireshark 2.6.7 and can confirm that it does work with the following caveats:

1. The "ethers" file will only be read at the startup of Wireshark (so reloading a file or reading a new one will not load it, which one might consider a bug)
2. The "ethers" resolving is not configuration profile aware, this means the "ethers" file in your default personal preferences folder will be used (and it will be used with all profiles). "ethers" files in Configuration profile directories are ignored (which one might consider a bug).

The file format of the ethers file is:

xx:xx:xx:xx:xx:xx    host-xxx

more

Is there a specific file type the file needs to be saved as? I have closed and restarted wireshark with every iteration I have tried. I tried with your formatting with spaces, with tabs (as it looks like you have), with the host-name format, with just the name. I reinstalled wireshark, and still no luck. I have been trying in the default view, and tried in other profiles each time.

( 2019-04-08 11:50:56 +0000 )edit

Which version of Wireshark are you using and on what OS?

( 2019-04-09 08:12:43 +0000 )edit

I was using version 3 on windows 10, but have uninstalled and am using v2.6.7.0 now, but have not tried to change or look for an ethers file yet. I made this change due to other issues I was having with wireshark crashing.

( 2019-04-09 12:12:09 +0000 )edit

If you want to know where files are, go to the About Wireshark dialog. On the Folder panel you'll see the directories for the different kind of files listed there. The ethers file you are looking for is in the folder listed as System.

more

The problem is that it isn't actually there. I did see it listed as a "Typical file" there in the about wireshark > folders tab, but the file did not exist in that directory. As I said, I created the file because it didn't exist, but it still did not work.

( 2019-04-06 15:58:04 +0000 )edit