This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I just ran into an issue with wireshark suggesting a machine was talking to a Microsoft NLB when it fact it wasn't. The reasion is the manuf file in the global configurtion folder containing following entries:

02-BF-00-00-00-00/16 MS-NLB-VirtServer
02-01-00-00-00-00/16 MS-NLB-PhysServer-01
02-02-00-00-00-00/16 MS-NLB-PhysServer-02
...
02-1e-00-00-00-00/16 MS-NLB-PhysServer-30
02-1f-00-00-00-00/16 MS-NLB-PhysServer-31
02-20-00-00-00-00/16 MS-NLB-PhysServer-32

It took me quite some time and embarassing discussions to figure that one out. So I went to IEEE OUI search and couldn't find those prefixes assigned here.

Easy enough for me to comment those out now (and replace it with a new assignement matching this installations names). But then, this goes into global configuration folder and will probably be overridden when I upgrade wireshark.

Is there a way to create a personalized manuf (not ethers) to assign Names to MAC prefixes that will take precedence that I could use for this purpose?

Help -> About Wireshark -> Folders does not indicate that this is possible...

asked 08 May '13, 23:24

mrEEde2's gravatar image

mrEEde2
3364614
accept rate: 20%


These entries come from the "Microsoft Windows 2000 Server Operating System Network Load Balancing Technical Overview White Paper", section "Distribution of Cluster Traffic". Since these addresses are marked 'Locally administered' you will not find them in the IEEE OUI database, you are running into the situation where your locally assigned MAC addresses conflict with the ones Wireshark just happen to know otherwise. Wireshark supports no other mechanism than ethers for this on a personal preferences level.

permanent link

answered 09 May '13, 08:03

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks for the answer

(10 May '13, 12:58) mrEEde2
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×157
×20
×11
×4
×1

question asked: 08 May '13, 23:24

question was seen: 9,278 times

last updated: 10 May '13, 12:58

p​o​w​e​r​e​d by O​S​Q​A