Re: I would like to ask my following two questions:

[Stephen Fisher <steve () stephen-fisher com>]

On Dec 14, 2009, at 8:58 AM, Juergen Koerner wrote:

> 1.
> Our network-analyzes are heavily based on MAC-addresses.
> Associated with that I am searching for a "translation"-tool (like  
> "\application data\wireshark\hosts") that allows to replace an IP- 
> Addr with a clear host-name.
> Do have any idea how use this easy to handle hosts-table also for  
> MAC-addresses ?

This can be put in an ethers file.  See Help->About->Folders for the  
location of the ethers file(s) that Wireshark looks for.  Search this  
page for ethers until you get to the longer description for an example  
of how to use it: http://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html

> 2.
> Do you know, where (in which file) wireshark resolves the names  
> based on the first three bytes of the MAC-address (e.g.  
> 08:00:06:01:02:03 is resolved to Siemens_01:02:03) ?

See Jaap's e-mail for an answer to this question.


Steve
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe