Wireshark-dev: [Wireshark-dev] Strip Ethernet broadcast / locally administered flags from addre
From: Ulf Lamping <[email protected]>
Date: Tue, 14 Aug 2007 18:25:20 +0200
Hi List!

The current Ethernet manuf name resolving (resolve the manufacturer name - the first three bytes of the Ethernet address, e.g. 04:05:06 -> Xerox) doesn't work if the address uses the Ethernet broadcast or locally administered flags (see http://wiki.wireshark.org/Ethernet?highlight=%28ethernet%29#head-93bbcf02a0070b56eaae6b5f3f4ba6112c64522a for details about these flags).

Currently only the resolving of 04:05:06 -> Xerox does work, 05:05:06, 06:05:06 and 07:05:06 are not resolved, although the manufaturer part is the same.

I've implemented an experimental change in epan/addr_resolv.c, which strips down both flags before doing the actual manuf resolvings - which is working well:

04:05:06 -> Xerox
05:05:06 -> Xerox
06:05:06 -> Xerox
07:05:06 -> Xerox

Unfortunately, this "hides" both flags a little bit (although the display of these flags wasn't very "prominent" already before), so I'm unsure if the change should go into the Wireshark sources or not.

I think only the manuf resolvings as described above should be changed, the wka (well-known-addresses) aka full address resolution (00-E0-2B-00-00-00 -> Extreme-EDP) should not be changed.


Regards, ULFL
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!		
Mehr Infos unter http://produkte.web.de/club/?mc=021131