We installed arpwatch on our network late last week and discovered that the MAC<->Manufacturer table was a few years out of date. We were able to convert nmap's table to arpwatch's format, but still ended up with a slightly-out-of-date table.
The following script gets the current data from IEEE and formats it for nmap and arpwatch:
#!/bin/bash
# update_mac_addresses.sh
# This script downloads the current MAC address data from the IEEE and parses it for nmap and arpwatch.
# nmap-mac-prefixes is for nmap.
# ethercodes.dat is for arpwatch.
# Download the current data
wget http://standards.ieee.org/regauth/oui/oui.txt
# Divide the data into Manufacturer and Address files
cat oui.txt | grep '(base 16)' | cut -f3 > mac.manufacturer
cat oui.txt | grep '(base 16)' | cut -f1 -d' ' > mac.address
# Paste them back together for nmap data
paste mac.address mac.manufacturer > nmap-mac-prefixes
# Parse the address data for arpwatch
cat mac.address | perl -pe 's/^(([^0].)|0(.))(([^0].)|0(.))(([^0].)|0(.))/\2\3:\5\6:\8\9/' > tmp.address
cat tmp.address | tr 'A-Z' 'a-z' > mac.address
# Paste the parsed data into the arpwatch file
paste mac.address mac.manufacturer > ethercodes.dat
# Clean up intermediary files
rm tmp.address
rm mac.address
rm mac.manufacturer
rm oui.txt
Credit to Jonathan C. for the perl regex.
UPDATE!!!
If the resulting nmap file (nmap-mac-prefixes) is installed, nmap will not run successfully. If you've already copied the nmap data file, you'll have to roll back to the data file installed with nmap.
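Given the update above, it is worth checking the generated files before installing them. The following is an added example, not the post's script: it parses the "(base 16)" lines regardless of leading whitespace or CRLF line endings, then validates both outputs. The two target formats in its header comment are assumptions about what nmap and arpwatch accept; the sample entries and the .new and oui.tsv file names are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the post's script). Assumed target formats:
#   nmap-mac-prefixes: "001A2B Vendor"        6 uppercase hex digits, one space
#   ethercodes.dat:    "0:1a:2b<TAB>Vendor"   lowercase, leading zeros stripped

# Constructed sample in the layout of oui.txt: CRLF endings, one indented entry.
sample_oui() {
  printf '00-1A-2B   (hex)\t\tExample Vendor A\r\n'
  printf '001A2B     (base 16)\t\tExample Vendor A\r\n'
  printf '\t\t\t\t1 Example Street\r\n'
  printf '  0A000C     (base 16)\t\tExample Vendor B\r\n'
}

# stdin: oui.txt -> stdout: "HEX<TAB>vendor", whatever the leading whitespace.
parse_oui() {
  tr -d '\r' | awk '/\(base 16\)/ {
    hex = toupper($1)
    sub(/^.*\(base 16\)[ \t]*/, "")            # $0 is now the vendor name
    if (length(hex) == 6 && hex !~ /[^0-9A-F]/ && $0 != "") print hex "\t" $0
  }'
}

to_nmap() { awk -F'\t' '{ print $1 " " $2 }'; }

to_arpwatch() {
  awk -F'\t' '{
    h = tolower($1); out = ""
    for (i = 1; i <= 5; i += 2) {               # one octet at a time
      o = substr(h, i, 2); sub(/^0/, "", o)     # "0c" -> "c", "00" -> "0"
      out = out (i > 1 ? ":" : "") o
    }
    print out "\t" $2
  }'
}

# Validators: succeed only if the file is non-empty, has no CR, and every line fits.
check_lines() {  # $1 = file, $2 = ERE each line must match
  [ -s "$1" ] || return 1
  ! grep -q "$(printf '\r')" "$1" && ! grep -qvE "$2" "$1"
}
check_nmap()     { check_lines "$1" '^[0-9A-F]{6} [^[:space:]]'; }
check_arpwatch() { check_lines "$1" "^([0-9a-f]{1,2}:){2}[0-9a-f]{1,2}$(printf '\t')[^[:space:]]"; }

# Usage (hypothetical): script.sh oui.txt   -> writes *.new only if both validate
if [ "$#" -gt 0 ]; then
  parse_oui < "$1" > oui.tsv
  to_nmap < oui.tsv > nmap-mac-prefixes.new && check_nmap nmap-mac-prefixes.new || exit 1
  to_arpwatch < oui.tsv > ethercodes.dat.new && check_arpwatch ethercodes.dat.new || exit 1
fi
```

Keep the data file shipped with nmap as a backup and only swap in the .new file after the check passes and a test scan runs.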
5 comments:
Very useful. Thanks.
You sir, have saved me a good bit of time, thank you!
The software for changing MAC Address fails to update the MAC Address of the network adapter. But thank god I got this solution. Thanks for sharing.
Thanks
Silvester Norman
Change Mac Address
Thanks for this. I made a small change to make it work, possibly because the input file format has changed. I changed the second cut statement to this:
cat oui.txt | grep '(base 16)' | cut -f3 -d' ' > mac.address
With the fix from Norman - great work, thx for this. The address has permanently moved to
http://standards-oui.ieee.org/oui.txt