This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey there,

i came across an interesting MAC address related to a troubleshooting issue.

There was a device using MAC address 19:02:16:08:vw:xy and i wonder where this address comes from. OUI has no info about 19:02:16 - so i googled for the string and found several forums etc. where people asked questions about systems having those MAC addresses. The vendors are widely spread like linksys, dlink, siemens and so on, but all those had this special MAC plus (!) the next byte in all cases was "08"

So has anyone an idea, what those 19:02:16:08:xx:xx addresses could be?

asked 25 Nov '11, 05:09

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%


Looks like a local IP address is being encoded in a locally assigned mac-address. This might be on purpose or it might be some malware that does this. If you say multiple devices do this... hmmm...

permanent link

answered 25 Nov '11, 14:33

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Great Idea - that could fit the scheme! Malware was also one of my thoughts, gotta go after that one

(26 Nov '11, 05:01) Landi

Reinstall your NIC driver - make sure you have the latest version.

permanent link

answered 25 Nov '11, 18:10

wesmorgan1's gravatar image

wesmorgan1
411101221
accept rate: 4%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×157
×48
×11

question asked: 25 Nov '11, 05:09

question was seen: 4,136 times

last updated: 26 Nov '11, 05:01

p​o​w​e​r​e​d by O​S​Q​A