Wireshark-dev: [Wireshark-dev] Strip Ethernet broadcast / locally administered flags from addre

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Tue, 14 Aug 2007 18:25:20 +0200
Hi List!

The current Ethernet manuf name resolving (resolve the manufacturer name - the first three bytes of the Ethernet address, e.g. 04:05:06 -> Xerox) doesn't work if the address uses the Ethernet broadcast or locally administered flags (see http://wiki.wireshark.org/Ethernet?highlight=%28ethernet%29#head-93bbcf02a0070b56eaae6b5f3f4ba6112c64522a for details about these flags).

Currently only the resolving of 04:05:06 -> Xerox does work, 05:05:06, 06:05:06 and 07:05:06 are not resolved, although the manufacturer part is the same.

I've implemented an experimental change in epan/addr_resolv.c, which strips down both flags before doing the actual manuf resolvings - which is working well:

04:05:06 -> Xerox
05:05:06 -> Xerox
06:05:06 -> Xerox
07:05:06 -> Xerox

Unfortunately, this "hides" both flags a little bit (although the display of these flags wasn't very "prominent" already before), so I'm unsure if the change should go into the Wireshark sources or not.

I think only the manuf resolvings as described above should be changed, the wka (well-known-addresses) aka full address resolution (00-E0-2B-00-00-00 -> Extreme-EDP) should not be changed.

Comments?

Regards, ULFL
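
The lookup order proposed in the message above, as an added example (not the actual epan/addr_resolv.c change and not code from the original post): the full-address wka match runs on the unmodified address, the manuf match runs on the first three bytes with both flag bits cleared, and the flags are returned separately so a caller can still display them. The function name eth_resolve, the flag macros and the two one-entry tables are assumptions built from the mappings quoted in the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_FLAG_GROUP 0x01 /* I/G bit, the "broadcast" flag in the message */
#define ETH_FLAG_LOCAL 0x02 /* U/L bit, the "locally administered" flag */

struct entry { uint8_t bytes[6]; const char *name; };

/* Constructed sample tables holding only the two mappings quoted above. */
static const struct entry manuf_tbl[] = {
    { {0x04, 0x05, 0x06}, "Xerox" } };
static const struct entry wka_tbl[] = {
    { {0x00, 0xE0, 0x2B, 0x00, 0x00, 0x00}, "Extreme-EDP" } };

static const char *find(const struct entry *t, size_t n,
                        const uint8_t *key, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(t[i].bytes, key, len) == 0)
            return t[i].name;
    return NULL;
}

/* Hypothetical helper: returns the resolved name or NULL, and reports the
 * two flag bits of the first octet through *flags. */
const char *eth_resolve(const uint8_t addr[6], unsigned *flags)
{
    uint8_t oui[3] = { (uint8_t)(addr[0] & 0xFC), addr[1], addr[2] };
    const char *name;

    *flags = addr[0] & (ETH_FLAG_GROUP | ETH_FLAG_LOCAL);
    /* wka: exact six-byte match, flags left in place */
    name = find(wka_tbl, sizeof wka_tbl / sizeof wka_tbl[0], addr, 6);
    if (name != NULL)
        return name;
    /* manuf: three-byte match with both flag bits stripped */
    return find(manuf_tbl, sizeof manuf_tbl / sizeof manuf_tbl[0], oui, 3);
}

int main(void)
{
    uint8_t a[6] = {0x07, 0x05, 0x06, 0x11, 0x22, 0x33}; /* constructed */
    unsigned flags;
    const char *name = eth_resolve(a, &flags);
    printf("%s group=%u local=%u\n", name ? name : "(unresolved)",
           flags & ETH_FLAG_GROUP, (flags & ETH_FLAG_LOCAL) >> 1);
    return 0;
}
```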