Hi List!
The current Ethernet manuf name resolving (resolve the manufacturer name - the
first three bytes of the Ethernet address, e.g. 04:05:06 -> Xerox) doesn't work
if the address uses the Ethernet broadcast or locally administered flags (see
http://wiki.wireshark.org/Ethernet?highlight=%28ethernet%29#head-93bbcf02a0070b56eaae6b5f3f4ba6112c64522a
for details about these flags).
Currently only the resolving of 04:05:06 -> Xerox does work, 05:05:06, 06:05:06
and 07:05:06 are not resolved, although the manufaturer part is the same.
I've implemented an experimental change in epan/addr_resolv.c, which strips
down both flags before doing the actual manuf resolvings - which is working
well:
04:05:06 -> Xerox
05:05:06 -> Xerox
06:05:06 -> Xerox
07:05:06 -> Xerox
Unfortunately, this "hides" both flags a little bit (although the display of
these flags wasn't very "prominent" already before), so I'm unsure if the
change should go into the Wireshark sources or not.
I think only the manuf resolvings as described above should be changed, the wka
(well-known-addresses) aka full address resolution (00-E0-2B-00-00-00 ->
Extreme-EDP) should not be changed.
Comments?
Regards, ULFL
__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!
Mehr Infos unter http://produkte.web.de/club/?mc=021131
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
