new: using wireshark manufacturers file instead of oui.dat (closes #303)

2025-07-16 10:03:39 -07:00 · 2018-09-09 18:48:41 +03:00 · 2018-09-09 18:48:41 +03:00 · 976465959e
commit 976465959e
parent 7ef447e726
13 changed files with 70433 additions and 45957 deletions
--- a/9
+++ b/9
@ -9,14 +9,13 @@ deps: godep golint gomegacheck
 build: resources
 	@go build -o $(TARGET) .

-resources: network/oui.go
+resources: network/manuf.go

-network/oui.go:
-	@python ./network/make_oui.py
+network/manuf.go:
+	@python ./network/make_manuf.py

 clean:
-	@rm -rf $(TARGET).*
-	@rm -rf $(TARGET)*
+	@rm -rf $(TARGET)
 	@rm -rf build

 install:
--- a/modules/wifi_recon.go
+++ b/modules/wifi_recon.go
@ -106,7 +106,7 @@ func (w *WiFiModule) discoverProbes(radiotap *layers.RadioTap, dot11 *layers.Dot

 	w.Session.Events.Add("wifi.client.probe", WiFiProbe{
 		FromAddr:   dot11.Address2,
-		FromVendor: network.OuiLookup(dot11.Address2.String()),
+		FromVendor: network.ManufLookup(dot11.Address2.String()),
 		FromAlias:  w.Session.Lan.GetAlias(dot11.Address2.String()),
 		SSID:       string(req.Contents[2 : 2+size]),
 		RSSI:       radiotap.DBMAntennaSignal,
--- a/network/ble_device.go
+++ b/network/ble_device.go
@ -30,7 +30,7 @@ func NewBLEDevice(p gatt.Peripheral, a *gatt.Advertisement, rssi int) *BLEDevice
 	return &BLEDevice{
 		LastSeen:      time.Now(),
 		Device:        p,
-		Vendor:        OuiLookup(NormalizeMac(p.ID())),
+		Vendor:        ManufLookup(NormalizeMac(p.ID())),
 		Advertisement: a,
 		RSSI:          rssi,
 	}
--- a/network/lan_endpoint.go
+++ b/network/lan_endpoint.go
@ -47,7 +47,7 @@ func NewEndpointNoResolve(ip, mac, name string, bits uint32) *Endpoint {
 		SubnetBits:       bits,
 		HwAddress:        mac,
 		Hostname:         name,
-		Vendor:           OuiLookup(mac),
+		Vendor:           ManufLookup(mac),
 		ResolvedCallback: nil,
 		FirstSeen:        now,
 		LastSeen:         now,
--- a/network/make_manuf.py
+++ b/network/make_manuf.py
@ -0,0 +1,63 @@
+#!/usr/bin/python
+import os
+import six
+import re
+import sys
+
+base = os.path.dirname(os.path.realpath(__file__))
+# "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf;hb=HEAD"
+
+with open(os.path.join(base, 'manuf.go.template')) as fp:
+    template = fp.read()
+
+with open(os.path.join(base, 'manuf')) as fp:
+    lines = [l.strip() for l in fp.readlines()]
+    lines = [l for l in lines if l != "" and l[0] != '#']    
+
+def get_mac_and_mask(mac):
+    # simple case 
+    if not "/" in mac:
+        mac_hex = mac.replace(":", '')
+        mask    = 48 - 4 * len(mac_hex)
+        mac_int = int(mac_hex, 16) << mask
+
+    # 00:1B:C5:00:00:00/36
+    else:
+        parts = mac.split("/")
+        mac_hex = parts[0].replace(":", '')
+        mask    = 48 - int(parts[1])
+        mac_int = int(mac_hex, 16) << mask 
+
+    return (mac_int, mask)
+
+index = {}
+
+for line in lines:
+    m = re.match( r'^([^\s]+)\s+([^\s]+)(.*)$', line, re.M)
+    parts = m.groups()
+    mac = parts[0]
+    short = parts[1]
+    manuf = parts[2].strip()
+    if manuf == "":
+        manuf  = short
+
+    m = re.match( r'^([^#]+)#.+$', manuf)
+    if m is not None:
+        manuf = m.groups()[0].strip()
+
+    mac_int, mask = get_mac_and_mask(mac)
+
+    key = "%d.%d" % ( mask, mac_int >> mask )
+    index[key] = manuf
+
+code = "map[string]string {\n"
+
+for key, vendor in six.iteritems(index):
+    code += "    \"%s\": \"%s\",\n" % ( key, vendor.replace( '"', '\\"' ))
+
+code += "}\n"
+
+code = template.replace('#MAP#', code)
+
+with open(os.path.join(base, 'manuf.go'), 'w+t') as fp:
+    fp.write(code)
--- a/network/make_oui.py
+++ b/network/make_oui.py
@ -1,37 +0,0 @@
-#!/usr/bin/python
-import os
-import six
-
-base = os.path.dirname(os.path.realpath(__file__))
-
-with open(os.path.join(base, 'oui.go.template')) as fp:
-    template = fp.read()
-
-with open(os.path.join(base, 'oui.dat')) as fp:
-    lines = [l.strip() for l in fp.readlines()]
-
-m = {}
-for line in lines:
-    if line == "" or line[0] == '#':
-        continue
-
-    parts = line.split(' ', 1)
-    if len(parts) != 2:
-        continue
-
-    prefix = parts[0].strip().lower()
-    vendor = parts[1].strip()
-
-    m[prefix] = vendor
-
-code = "map[string]string {\n"
-
-for prefix, vendor in six.iteritems(m):
-    code += "    \"%s\": \"%s\",\n" % ( prefix, vendor )
-
-code += "}\n"
-
-code = template.replace('#MAP#', code)
-
-with open(os.path.join(base, 'oui.go'), 'w+t') as fp:
-    fp.write(code)
--- a/network/manuf
+++ b/network/manuf
--- a/network/manuf.go
+++ b/network/manuf.go
--- a/network/manuf.go.template
+++ b/network/manuf.go.template
@ -0,0 +1,28 @@
+package network
+
+import (
+    "fmt"
+	"strings"
+    "math/big"
+)
+
+var manuf = #MAP#
+
+func ManufLookup(mac string) string {
+    macHex := strings.Replace(mac, ":", "", -1)
+    macInt := new(big.Int)
+
+    if _, ok := macInt.SetString(macHex, 16); ok == false {
+        return ""
+    }
+
+    for mask := uint(0); mask < 48; mask++ {
+        shifted := new(big.Int).Rsh(macInt, mask)
+        key := fmt.Sprintf("%d.%s", mask, shifted)
+        if vendor, found := manuf[key]; found {
+            return vendor
+        }   
+    }
+
+	return ""
+}
--- a/network/oui.dat
+++ b/network/oui.dat
--- a/network/oui.go
+++ b/network/oui.go
--- a/network/oui.go.template
+++ b/network/oui.go.template
@ -1,18 +0,0 @@
-package network
-
-import (
-	"strings"
-)
-
-var oui = #MAP#
-
-func OuiLookup(mac string) string {
-	octects := strings.Split(mac, ":")
-	if len(octects) > 3 {
-		prefix := octects[0] + octects[1] + octects[2]
-		if vendor, found := oui[prefix]; found == true {
-			return vendor
-		}
-	}
-	return ""
-}
--- a/network/oui_test.go
+++ b/network/oui_test.go
@ -1,18 +0,0 @@
-package network
-
-import "testing"
-
-func TestOuiVar(t *testing.T) {
-	if len(oui) <= 0 {
-		t.Error("unable to find any oui infromation")
-	}
-}
-
-func TestOuiLookup(t *testing.T) {
-	exampleMac := "e0:0c:7f:XX:XX:XX"
-	exp := "Nintendo Co."
-	got := OuiLookup(exampleMac)
-	if got != exp {
-		t.Fatalf("expected '%s', got '%s'", exp, got)
-	}
-}