Pfsense get MAC-Adress Manufacturer

Gertjan

My DHCP Leaes page loads just fine for me, never had any issues ( I do not have DNS / unbound issue, I'm resolving ).
The question was about the added vendor name info :

Arpwatch uses / loads an nearly identical file : the first 6 digits of a all known MAC vendor codes.
Arpwatch uses another file format, they add ':' in the MAC addresses - see my post above.

To answer the initial question : "Pfsense get MAC-Adress Manufacturer " : install have to install a pfSense called 'nmap' and 'suddenly', on several GUI pages, the vendor name is added to the MAC addresses of our devices.

@fireodo said in Pfsense get MAC-Adress Manufacturer:

how is pfsense getting the name of the manufacturer of network devices by the MAC-Adress? Is there a build in database?

The answer is : install nmap.

@johnpoz said in Pfsense get MAC-Adress Manufacturer:

but might be nice if you didn't have to install any packages to get this info..

I that.

This would mean that there would be another file that needs to be installed and auto updated ?
Like 'bogons' and 'bogons6' and probably more.
=> another thing that can fail, and has to be supported.

The mac vendor code file would will still be present in the packages arpwatch and nmap ...

I know where it is now, and Google will help me remembering it ;)

johnpoz

@gertjan yeah no not that it wouldn't load - but that it wouldn't have the vendor info added to the mac address ;)

Sounded like the dhcp pages was only looking for the vendor info in the nmap location?

serbus

Hello!

You can always...

mkdir /usr/local/share/nmap

curl -o /usr/local/share/nmap/nmap-mac-prefixes https://raw.githubusercontent.com/nmap/nmap/master/nmap-mac-prefixes

...at your own risk.

John

Gertjan

@johnpoz

The DHCP Status page loads the dhcpleases file, and, if it exists, a file with MAC-vendor info. If it finds the file, MAC's are shown with this vendor info. For the file to exist, the pfSense nmap package has to be installed.
If this is not the case, then that is no issue at all. You just won't see the vendor info.

Gertjan

@serbus
Thanks !
Nice clean & lean.

johnpoz

@gertjan hahaha - not sure why having a hard time asking this question..

So it doesn't look at the vendor info that arpwatch adds.. If you have arpwatch package installed, but not nmap - then your dhcp lease table will not list the vendor info ;)

fireodo

Thanks to all for the "Enlightenment" (especially at @serbus for the clean solution)

Wish you a good WeekEnd!

Dobby_

@fireodo said in Pfsense get MAC-Adress Manufacturer:

Hi,

just for my curiosity: how is pfsense getting the name of the manufacturer of network devices by the MAC-Adress? Is there a build in database?

Example here:

LAN Interface (lan, igb0)
MAC-Adress xx:0d:xx:4d:aa:c4 - PC Engines GmbH

WIFI Interface (opt1, ath0_wlan0)
MAC-Adress xx:9a:xx:a4:c7:c8 - Apple

(from Status/Interfaces)

Thanks,
fireodo

An OUI {Organizationally Unique Identifier} is a 24-bit number that uniquely identifies a vendor or manufacturer. They are purchased and assigned by the IEEE. The OUI is basically the first three octets of a MAC address.

More information about and well explained

serbus

Hello!

As far as I can tell, the current pfsense code doesnt parse or use the nmap-mac-prefixes file correctly - you might see "Ieee Registration Authority" listed when there is actually more detailed ownership info in the file. Its not that what it displays sometimes is completely wrong (maybe), but it could be more right (definitely), and it burns resources without being better.

I think hw mac ownership checking would need some love to become more accurate and informative. Personally, its one of the first things I look at when I ask, "Who/what is that hooking up to my network?!?!". It would also be nice if it highlighted LAAs.

Redmine references

John