Nmap dependency for MAC manufacturer lookup



  • I haven't filled out a bug report or anything yet, but I noticed it was necessary to have nmap installed to get the list of MAC manufacturers (https://github.com/pfsense/pfsense/blob/76e656ba88d63ba812a1b1b736336da9aa8f996e/etc/inc/pfsense-utils.inc#L2482); otherwise that file doesn't exist and doesn't pull in the data.  That's fine, but if the user wanted them without nmap, it's not immediately intuitive how to get that information.  I also didn't know that information was available until browsing the source.

    Should the documentation be updated?  Should the file be included with the base install?  Or…  (and in all probability) is this not a bug?

    Thanks!



  • It's been discussed on the forum before (https://forum.pfsense.org/index.php?topic=36760.0) but I don't see anything on the wiki about it.  nmap dependency is documented in 2.1 features here https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes, but I agree it could be more prominent.

    Why not include a button under system -> advanced -> firewall that would get the file for you, similar to the bogons file?  Could be 'on-demand' only since it doesn't change as often as the bogons file.  Does the nmap package install code for periodic updates of the file?



  • Try this command:

    mkdir -p /usr/local/share/nmap/; fetch -o /usr/local/share/nmap/nmap-mac-prefixes http://nmap.org/svn/nmap-mac-prefixes


  • Rebel Alliance Developer Netgate

    Once upon a time I started but haven't yet completed a script to automatically pull the OUI info from a central location automatically.

    #!/bin/sh
    #
    # Run me to update the file in the package repo.
    #
    OUI_URL=http://standards.ieee.org/develop/regauth/oui/oui.txt
    OUI_FILE=/usr/local/share/nmap/nmap-mac-prefixes
    #OUI_FILE=nmap-mac-prefixes
    TEMP_FILE=/tmp/oui-prefixes.txt
    
    # Prepare file
    if [ -f ${TEMP_FILE} ]; then
            rm -f ${TEMP_FILE}
    fi
    
    echo "# Raw data obtained from ${OUI_URL}"  > ${TEMP_FILE}
    echo "# Unregistered OUIs at the end are from NMAP - http://nmap.org/" >> ${TEMP_FILE}
    
    /usr/bin/fetch -qo - ${OUI_URL} | /usr/bin/grep "base 16" | /usr/bin/sed -r 's/[[:blank:]]+/ /g' | /usr/bin/cut -c2-7,18- >> ${TEMP_FILE}
    
    # Make sure it's valid
    # Line count should be over 17,000
    OUTPUT_WORD_COUNT=`/usr/bin/wc -l ${TEMP_FILE} | /usr/bin/awk '{print $1;}'`
    
    # Spot check one line should contain  "589CFC.*FreeBSD"
    OUTPUT_CHECK=`/usr/bin/grep -ci "589CFC.*FreeBSD" ${TEMP_FILE}`
    
    if [ ${OUTPUT_WORD_COUNT} -gt 17000 ] && [ ${OUTPUT_CHECK} = 1 ]; then
            # Stuff in some missing prefixes
            echo "00FFD1 Cooperative Linux virtual NIC" >> ${TEMP_FILE}
            echo "2C7AFE IEE&E Black ops" >> ${TEMP_FILE}
            echo "525400 QEMU Virtual NIC" >> ${TEMP_FILE}
            echo "B0C420 Bochs Virtual NIC" >> ${TEMP_FILE}
            echo "DEADCA PearPC Virtual NIC" >> ${TEMP_FILE}
            echo "F0FB56 Apple" >> ${TEMP_FILE}
            if [ -f ${OUI_FILE} ]; then
                    rm -f ${OUI_FILE}
            fi
            mkdir -p `/usr/bin/dirname ${OUI_FILE}`
            mv ${TEMP_FILE} ${OUI_FILE}
    fi
    

    I don't know if the folks at ieee.org would want us all pulling that info from them automatically though :-)

    From my comments I was apparently thinking we'd run that periodically as its own package, but it could probably be put into base if we keep up our current pace of releases.
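
The script above accepts the download on a line count plus one spot check; the following added example (not from the thread or from pfSense) goes further and checks that every entry has the "PREFIX Vendor" layout before the file is used, then resolves a MAC address from a log line against it. The function names `validate_prefixes` and `lookup_vendor` and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Accept the file only if every non-comment line is "<6 hex digits> <vendor>"
# and there are at least $2 entries (the thread's script uses 17000).
validate_prefixes() {
    [ -r "$1" ] || return 1
    awk -v min="$2" '
        /^#/ || /^[ \t]*$/ { next }
        { p = substr($0, 1, 6) }
        length(p) == 6 && p !~ /[^0-9A-Fa-f]/ && $1 == p && NF >= 2 { n++; next }
        { bad++ }
        END { rc = (bad == 0 && n >= min) ? 0 : 1; exit rc }
    ' "$1"
}

# Print the vendor for a MAC written as 52:54:00:..., 52-54-00-... or 5254.00...
# Returns 1 if the first six characters are not hex; prints "unknown" on no match.
lookup_vendor() {
    oui=$(printf '%s' "$1" | tr -d ':.-' | tr 'a-f' 'A-F' | cut -c1-6)
    case $oui in *[!0-9A-F]*) return 1 ;; esac
    [ "${#oui}" -eq 6 ] || return 1
    awk -v oui="$oui" '
        toupper($1) == oui { sub(/^[^ ]+ /, ""); print; found = 1; exit }
        END { if (!found) print "unknown" }
    ' "$2"
}

# Constructed sample; entries copied from the echo lines in the script above.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample data
00FFD1 Cooperative Linux virtual NIC
525400 QEMU Virtual NIC
B0C420 Bochs Virtual NIC
F0FB56 Apple
EOF

if validate_prefixes "$SAMPLE" 4; then
    lookup_vendor 52:54:00:12:34:56 "$SAMPLE"   # QEMU Virtual NIC
    lookup_vendor b0-c4-20-00-00-01 "$SAMPLE"   # Bochs Virtual NIC
fi
```

A response that is not prefix data at all (an HTML error page, for instance) fails the per-line check even when a spot-check string happens to be present.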



  • I didn't see any restrictive licensing clauses … Can you distribute the data, and provide a button for manual updates?  That would seem to minimize traffic to their site.

    Have to admit, I didn't know about this feature, but since I fetched the file by hand I find it quite helpful.


  • Netgate Administrator

    +1 for having this (or something similar) in the base. It really can be massively helpful when checking logs etc. to know the manufacturer.

    Steve


  • Rebel Alliance Developer Netgate

    It may find its way in eventually.

    I updated the script with a change to check for FreeBSD rather than Google as a sanity check, because they have their own allocation now :-)

    I wouldn't expect it to be in 2.2 but maybe something after.

    I'm not sure how often that file changes, a manual update button may not be worth the effort.


  • Rebel Alliance Developer Netgate

    Added a ticket, target=future

    https://redmine.pfsense.org/issues/3882