Under Ubuntu 14.04, MAC manufacturer resolution (e.g. mapping 00:09:5b:01:02:03 → Netgear_01:02:03) works fine when using the version from the repositories. However, I wanted to use the latest wireshark version so installed from source. Configure options are: But following installation, MAC resolution does not work despite being enabled. Build is fine and presents in both Wireshark (QT5, GTK3 build) and TShark. This is true for both normal MAC fields (e.g. wlan.sa) as well as those with the new "_resolved" extension (wlan.sa_resolved). My manuf file (as provided from the wireshark website) is located in /etc/. The problem still persists even if I try alternative locations including /usr/share/wireshark/, /usr/local/share/wirshsark/ or ~/.wireshark/. Any ideas? asked 07 Aug '14, 17:50  ebafaux edited 10 Aug '14, 16:07  Guy Harris ♦♦ |
One Answer:
Open the Wireshark Help dialog and look in the "Folders" tab for the locations of the "Personal Configuration" and "Global Configuration" folders. The file "manuf" should be in one of those locations to work. answered 08 Aug '14, 02:54  grahamb ♦ I just installed wireshark 1.12.0 on win7 and mac resolution doesn't work anymore, reverted back to 1.10.9 everything is ok. Did not modify the existing manuf that comes with the installation ... (10 Aug '14, 07:38) mrEEde I can confirm that for Version 1.12.0-rc2-125-g8a47b3a (10 Aug '14, 07:59) Kurt Knochner ♦ 2 I believe this bug (regression) was very recently fixed... (10 Aug '14, 08:11) Bill Meier ♦♦ |
Was using 1.12.0 and noticed Layer 2 captures were no longer showing name resolution either. Removed 1.12.0 and went back to 1.10.9 and everything's fine again. BOO! :-)