Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update OUI List

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    16 Posts 3 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      markuhde
      last edited by

      Is there anyway to update the OUI list used by the DHCP leases screen? It's pretty outdated and most MAC addresses I'm seeing no longer list a vendor (maybe half and half).

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That comes from the nmap package. If you aren't using the most current version of the nmap package, reinstall it.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • M
          markuhde
          last edited by

          @jimp:

          That comes from the nmap package. If you aren't using the most current version of the nmap package, reinstall it.

          It is the most current version of the  package so that probably needs updated in nmap

          1 Reply Last reply Reply Quote 0
          • M
            markuhde
            last edited by

            I didn't realize this came from nmap, so can a mod move it to packages where it belongs in hope the package maintainers find it?

            It looks like the current version of nmap is 6.25 and the pfSense package is 6.01. I'm guessing an update to the nmap package would update this OUI list.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              It's not that simple to decouple it from nmap, I believe there were some licensing reasons and such. It's easier just to keep tracking nmap and updating as needed.

              The nmap package will get updated in the near future, time allowing (probably before the end of the week)

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Newest nmap is up now.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • M
                  markuhde
                  last edited by

                  Thanks Jim, I guess the nmap people haven't been keeping the database updated because its still old - missing a few Apple OUI's for example.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Looks recent enough to me.

                    $Id: nmap-mac-prefixes 28250 2012-03-09 00:45:55Z fyodor $ generated with make-mac-prefixes.pl

                    Original data comes from http://standards.ieee.org/regauth/oui/oui.txt

                    These values are known as Organizationally Unique Identifiers (OUIs)

                    See http://standards.ieee.org/faqs/OUI.html

                    We have added a few unregistered OUIs at the end.

                    2 months old is pretty new for a software release.

                    Not sure why the missing ones aren't there. What are they? Are they in the IEEE data file here: http://standards.ieee.org/regauth/oui/oui.txt ?

                    The IEEE file isn't in a format we can use directly, which is why we use NMAP's list instead.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • M
                      markuhde
                      last edited by

                      B8-78-2E Apple
                      70-56-81 Apple Inc
                      78-D6-F0 Samsung Electro Mechanics
                      58-C3-8B Samsung Electronics
                      74-45-8A Samsung Electronics Co.,Ltd
                      98-B8-E3 Apple
                      80-96-B1 Motorola Mobility, LLC.
                      7C-FA-DF Apple
                      90-18-7C Samsung Electro Mechanics co., LTD.

                      There's just a few that are NOT recognized by pfSense in the DHCP leases list, all those entries come from the IEEE text file.

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        I worked over the IEEE file a bit and compared it, there are actually a large number of them missing.

                        The IEEE file doesn't look terribly difficult to parse, though the company names are formatted a bit differently than those in the nmap file. It would be possible to make a little package that would download and update the file from the IEEE source, but the nmap list also contains a few entries (6 or so) that aren't in the IEEE list.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          Give this a spin from the shell (upload it to /root/update_oui.sh, then run it with "sh /root/update_oui.sh". It will download the OUI list from IEEE, add in the few from nmap that were not in the IEEE list, and then write it out in the proper format to be recognized by the GUI.

                          update_oui.sh.txt

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • M
                            markuhde
                            last edited by

                            @jimp:

                            Give this a spin from the shell (upload it to /root/update_oui.sh, then run it with "sh /root/update_oui.sh". It will download the OUI list from IEEE, add in the few from nmap that were not in the IEEE list, and then write it out in the proper format to be recognized by the GUI.

                            Done exactly as you said and it didn't change a thing - still tons of OUI's missing in the DHCP leases table.

                            1 Reply Last reply Reply Quote 0
                            • M
                              msi
                              last edited by

                              @markhude: Why not send a patch to the nmap guys so they can update the table?

                              It's just that they are already used to maintain a list - and they are already not alone (http://hackerific.net/2010/04/04/oui/) so I doubt why pfsense should also start delivering its own list or update script :-)

                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                @markuhde
                                My script has a safety belt built-in that won't overwrite the nmap file if the downloaded file fails two different validity tests.

                                Check /tmp/oui-prefixes.txt and see if it's still there, and if it looks "sane". The script worked for me when I ran it here.

                                @MatSim
                                The nmap file is pretty out of date, even though the nmap source is up to date, so they're behind. They have an automated script, so a patch isn't likely to be helpful, but a nudge may be in order.

                                A separate script isn't necessarily a bad idea from an independence point of view. It would be nice to not have to depend on those other projects, which in turn depend on the IEEE list, when it's freely available to make a list of our own. The most likely outcome is that we make a package that includes these updated OUIs, not have people run the script directly on their firewalls. Someone could, if they really wanted to, but there's little reason to do so since not only would it put an extra burden on the IEEE server, but they don't change often enough to warrant that.

                                It would be nice to have it hooked into an update mechanism like the bogons, but again, I doubt they change so often that it would be warranted, and just updating a package now and then would be sufficient.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • M
                                  markuhde
                                  last edited by

                                  It's not generating that, I'm getting no feedback at all when I run the script and checking immediately afterwards there is no /tmp/oui-prefixes.txt

                                  1 Reply Last reply Reply Quote 0
                                  • jimpJ
                                    jimp Rebel Alliance Developer Netgate
                                    last edited by

                                    This was stuck way back in my Inbox, meant to poke at it again.

                                    This works for me on a system that has no trace of nmap. Note that this is not the exact same script posted earlier in the thread, but an updated version.

                                    : /etc/rc.conf_mount_rw  (NanoBSD only)
                                    : cd /root; fetch -qo /root/ http://files.pfsense.org/jimp/update_oui.sh ; sh update_oui.sh
                                    : ls -l /usr/local/share/nmap/nmap-mac-prefixes
                                    -rw-r--r--  1 root  wheel  520508 Jul 16 13:03 /usr/local/share/nmap/nmap-mac-prefixes
                                    
                                    

                                    I was going to make a package for it, but then I thought better of it. We don't need an extra 0.5MB in the package repo and it will need to be manually kept up to date and it's just not really worth the hassle. If we gzip it we'd have to put it on another server (no binaries allowed in the pkg repo) and it would be more difficult not only to update it, but to remember to update it and bump the pkg version, etc. Most people are OK with the nmap version, those that aren't can just grab this and run it manually.

                                    If I can get some confirmation that it works I'll write up a short doc wiki article on it.

                                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                    Need help fast? Netgate Global Support!

                                    Do not Chat/PM for help!

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.