Hello, I just ran into an issue with wireshark suggesting a machine was talking to a Microsoft NLB when it fact it wasn't. The reasion is the manuf file in the global configurtion folder containing following entries: It took me quite some time and embarassing discussions to figure that one out. So I went to IEEE OUI search and couldn't find those prefixes assigned here. Easy enough for me to comment those out now (and replace it with a new assignement matching this installations names). But then, this goes into global configuration folder and will probably be overridden when I upgrade wireshark. Is there a way to create a personalized manuf (not ethers) to assign Names to MAC prefixes that will take precedence that I could use for this purpose? Help -> About Wireshark -> Folders does not indicate that this is possible... asked 08 May '13, 23:24  mrEEde2 |
One Answer:
These entries come from the "Microsoft Windows 2000 Server Operating System Network Load Balancing Technical Overview White Paper", section "Distribution of Cluster Traffic". Since these addresses are marked 'Locally administered' you will not find them in the IEEE OUI database, you are running into the situation where your locally assigned MAC addresses conflict with the ones Wireshark just happen to know otherwise. Wireshark supports no other mechanism than ethers for this on a personal preferences level. answered 09 May '13, 08:03  Jaap ♦ |
Thanks for the answer