Wireshark-users: Re: [Wireshark-users] I would like to ask my following two questions:

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Dec 2009 11:49:36 -0700

On Dec 14, 2009, at 8:58 AM, Juergen Koerner wrote:

1.
Our network analyses are heavily based on MAC addresses.
Associated with that, I am searching for a "translation" tool (like "\application data\wireshark\hosts") that allows replacing an IP address with a clear host name. Do you have any idea how to use this easy-to-handle hosts table for MAC addresses as well?

This can be put in an ethers file. See Help->About->Folders for the location of the ethers file(s) that Wireshark looks for. Search this page for ethers until you get to the longer description for an example of how to use it: http://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html

2.
Do you know where (in which file) Wireshark resolves the names based on the first three bytes of the MAC address (e.g. 08:00:06:01:02:03 is resolved to Siemens_01:02:03)?

See Jaap's e-mail for an answer to this question.


Steve
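
As an added example (not part of the original e-mail and not Wireshark's own code), here is a small Python checker for an ethers file, to run before placing the file in one of the folders Wireshark reads. It assumes the format described in the Wireshark User's Guide: one hardware address and one name per line, separated by whitespace, with octets separated by colons, dashes or periods. It also assumes that `#` starts a comment; the function names and sample entries are constructed for illustration.

```python
import re

# Assumed ethers syntax: six hex octets separated by ':', '-' or '.'.
# This checker additionally requires one separator style per address.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([:.\-])(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}$")

def normalize_mac(text):
    """Return the address as lower-case colon-separated octets, or None if malformed."""
    if not MAC_RE.match(text):
        return None
    return ":".join(re.split(r"[:.\-]", text.lower()))

def parse_ethers(text):
    """Parse ethers-style text into ({mac: name}, [(line number, problem)])."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        mac = normalize_mac(fields[0])
        if mac is None or len(fields) != 2:
            problems.append((lineno, "malformed entry: " + raw.strip()))
        elif mac in table:
            problems.append((lineno, "duplicate address " + mac))
        else:
            table[mac] = fields[1]
    return table, problems

def resolve(table, mac):
    """Look up a MAC in any accepted notation; fall back to the address itself."""
    key = normalize_mac(mac)
    return table.get(key, key or mac)

# Constructed sample entries (not taken from a real network).
SAMPLE = """\
# address            name
08:00:06:01:02:03    plc-line1
00-1b-21-aa-bb-cc    fileserver
00.2b.08.93.4b.a1    labprinter
08:00:06:01:02:03    plc-duplicate
08:00:06:01:02       truncated
"""

if __name__ == "__main__":
    table, problems = parse_ethers(SAMPLE)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```
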