From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030211

Description of problem:
Just started arpwatch on my network, noticed the following:

            hostname: dwsp-10-0-0-21-tor-dcn.dw
          ip address: 10.0.0.21
    ethernet address: 0:3:ba:5:19:50
     ethernet vendor: <unknown>
           timestamp: Friday, February 28, 2003 22:56:04 +0000

That record *is* in ethercodes.dat:

[root@common arpwatch]# cat ethercodes.dat | grep '0:3:ba'
0:3:ba  Sun Microsystems

..and the file itslef is readable by arpwatch:

[root@common arpwatch]# ls -l ethercodes.dat
-r--r--r--    1 pcap     pcap       186208 Feb 28 23:03 ethercodes.dat

Further, only *some* vendor ID's are not decoded. Others are decoded just fine.

??? :)

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. install arpwatch rpm
2. /etc/init.d/arpwatch start
3. ping server with host with the above mac vendor
    

Actual Results:  <unknown> as vendor

Expected Results:  Sun Microsystems as vendor