This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
First Last Prev Next    This bug is not in your last search results.
Bug 85389 - arpwatch does not correctly determine vendor information for ethernet nics
arpwatch does not correctly determine vendor information for ethernet nics
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: tcpdump (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-28 18:27 EST by Ken Snider
Modified: 2007-04-18 12:51 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-02-05 10:56:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Ken Snider 2003-02-28 18:27:26 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030211

Description of problem:
Just started arpwatch on my network, noticed the following:

            hostname: dwsp-10-0-0-21-tor-dcn.dw
          ip address: 10.0.0.21
    ethernet address: 0:3:ba:5:19:50
     ethernet vendor: <unknown>
           timestamp: Friday, February 28, 2003 22:56:04 +0000

That record *is* in ethercodes.dat:

[root@common arpwatch]# cat ethercodes.dat | grep '0:3:ba'
0:3:ba  Sun Microsystems

..and the file itslef is readable by arpwatch:

[root@common arpwatch]# ls -l ethercodes.dat
-r--r--r--    1 pcap     pcap       186208 Feb 28 23:03 ethercodes.dat

Further, only *some* vendor ID's are not decoded. Others are decoded just fine.

??? :)

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. install arpwatch rpm
2. /etc/init.d/arpwatch start
3. ping server with host with the above mac vendor
    

Actual Results:  <unknown> as vendor

Expected Results:  Sun Microsystems as vendor
Comment 1 Harald Hoyer 2003-03-10 10:30:10 EST 
really strange :)
Comment 2 Harald Hoyer 2004-02-05 09:50:42 EST 
does it work with the current arpwatch?
Comment 3 Ken Snider 2004-02-05 10:56:03 EST 
Seems to! :)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.