Netdiscover keeps showing a lot of "Unknown vendor" devices, when I generally can find the vendor pretty quickly via Google. Is there any way to manually update whatever OUI list Netdiscover uses?
1 Answer
EDITED after having found the update script.
The OUI list is compiled into the Netdiscover binary, so you'll have to recompile it to update the list. You can download the source from the Netdiscover site, but the releases (up through 0.3beta6) are very old (circa 2007), so download a snapshot.
The list itself is stored in src/oui.h in the Netdiscover source tree. You can edit this manually if you like, but there is also a generator script called update-oui-database.sh which downloads oui.txt from the IEEE and regenerates src/oui.h from scratch. Run this script before compiling.
It looks like the standard ./configure && make && make install will compile and install the program. (If ./configure does not exist, you may need to run the ./autogen.sh script first.) By default it installs into /usr/local/sbin, but read through the output of ./configure --help to make sure.
I originally suggested sending the oui.h changes back to the author, but since there's a script, he's not likely to find submitted changes helpful.
- Does && work in linux like it does in Windows/DOS? I seem to recall being told that the linux equivalent to && was ;. – Iszi, Nov 23, 2011 at 0:22
- Took OUI.txt from IEEE, broke out the hex prefixes and org names into two columns in Excel, used CONCATENATE() to put them together into a pattern that matched the format in oui.h, replaced the lines in oui.h as applicable (including the Total line) and re-compiled. Ran into an error with quotation marks where they don't belong. Fixed that as best as I could, recompiled, and now have a buffer overflow when netdiscover tries to list the first device. For now, I've nuked the bugged netdiscover and re-installed via apt-get. Any other ideas? – Iszi, Nov 23, 2011 at 4:17
- Did you remember the { NULL, NULL } entry at the end of the list? That's how the program knows where the list ends; if it doesn't find that entry, you get a buffer overrun. The Total line is a comment for human consumption only; it's good to update it but not necessary. – Jander, Nov 23, 2011 at 7:47
- In Linux (more specifically, in the POSIX shell language), && means "Run the following command only if the preceding command succeeds". ; means simply "Run the following command after the preceding command has finished." – Jander, Nov 23, 2011 at 7:51
- Thanks for the && vs ; lesson. Nice to know. Yes, I remembered the { NULL, NULL }. More precisely, I didn't touch it at all. I only highlighted the lines that had the MAC addresses and company names, then pasted in my list over it. The NULL line and everything else shifted around it. – Iszi, Nov 23, 2011 at 15:12
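The { NULL, NULL } terminator discussed in the comments above, shown as an added example that is not part of the original thread and is not Netdiscover's own code: a check that a hand-edited table still ends in its terminator, plus a lookup that stays inside the array even when it does not. The struct layout, the names oui_count and oui_lookup, and every table entry are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed layout: prefix/vendor string pairs closed by { NULL, NULL }. */
struct oui { const char *prefix; const char *vendor; };
/* Constructed sample entries, not taken from the real src/oui.h. */
static const struct oui sample_table[] = {
    { "02AA00", "EXAMPLE VENDOR A" },
    { "02BB00", "EXAMPLE VENDOR B" },
    { "02CC00", "EXAMPLE VENDOR C" },
    { NULL, NULL }                      /* terminator: scans stop here */
};
/* The same kind of table after an edit that lost the terminator. */
static const struct oui broken_table[] = {
    { "02AA00", "EXAMPLE VENDOR A" },
    { "02BB00", "EXAMPLE VENDOR B" }
};
#define SLOTS(t) (sizeof (t) / sizeof (t)[0])

/* Entries before the terminator, or -1 if an entry is half-filled
 * or no terminator exists inside the array's `slots` elements. */
long oui_count(const struct oui *t, size_t slots)
{
    for (size_t i = 0; i < slots; i++) {
        if (t[i].prefix == NULL && t[i].vendor == NULL) return (long)i;
        if (t[i].prefix == NULL || t[i].vendor == NULL) return -1;
    }
    return -1;
}

/* Bounded lookup on the first 6 hex digits of `mac` (no separators).
 * `i < slots` keeps the scan inside the array; a scan that trusts the
 * terminator alone would read past the end of broken_table. */
const char *oui_lookup(const struct oui *t, size_t slots, const char *mac)
{
    if (mac == NULL || strlen(mac) < 6) return NULL;
    for (size_t i = 0; i < slots && t[i].prefix != NULL; i++)
        if (strncasecmp(t[i].prefix, mac, 6) == 0) return t[i].vendor;
    return NULL;
}

int main(void)
{
    printf("sample: %ld entries\n", oui_count(sample_table, SLOTS(sample_table)));
    printf("broken: %ld\n", oui_count(broken_table, SLOTS(broken_table)));
    return 0;
}
```

Running a check like oui_count over a regenerated table before installing the rebuilt binary turns a missing terminator into a visible failure instead of an overrun at the first lookup.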