IETF-OPSAWG-WG / draft-ietf-opsawg-pcap

PCAP next generation file format specification

Add name resolution types for EUI-48/64 #119

Closed eqvinox closed 1 year ago

eqvinox commented 2 years ago

cf. #118

just some simple text — purpose is really just to grab 0x0003 / 0x0004 for EUI-48/64.

mcr commented 2 years ago

So you want to map L2 name directly to name. That seems to skip some L3 name, but maybe that's on purpose, because you don't have L3 names for stuff like STP chatter, etc?

guyharris commented 2 years ago

> So you want to map L2 name directly to name. That seems to skip some L3 name, but maybe that's on purpose, because you don't have L3 names for stuff like STP chatter, etc?

If packet capture code sees packets (for example, ARP packets) that indicate that the host with a given L2 address also has a given L3 address, and that application knows the name for that L3 address, it could also, if it writes out a capture, put in an entry mapping the given L2 address to the name for the L3 address, as well as an entry mapping the given L3 address to the name for that L3 address. (Wireshark infers names for L2 addresses that way.)

Code that reads this information would presumably map L2 addresses to names using the L2 map, when displaying L2 addresses, and map L3 addresses to names using the L3 map(s), when displaying L3 addresses.

eqvinox commented 2 years ago

> […] because you don't have L3 names for stuff like STP chatter, etc?

Exactly that.

> If packet capture code sees packets (for example, ARP packets) that indicate that the host with a given L2 address also has a given L3 address

No such packets in my traces :) … in some cases it could be gleaned from LLDP or IS-IS router name TLVs, but in reality what I'm looking for is a way to include a [subset of a] manually created /etc/ethers file.

(Also about to post on opsawg)

guyharris commented 2 years ago

> No such packets in my traces :) … in some cases it could be gleaned from LLDP or IS-IS router name TLVs, but in reality what I'm looking for is a way to include a [subset of a] manually created /etc/ethers file.

But it should be thought of as a way to include mappings between MAC addresses and host names, regardless of the source of the mapping, not as just a way to include stuff from /etc/ethers - an application might even allow new mappings to be added manually, by the user.

eqvinox commented 2 years ago

> But it should be thought of as a way to include mappings between MAC addresses and host names, regardless of the source of the mapping […]

Oh, yeah, absolutely. I was just providing my use case for context.

eqvinox commented 1 year ago

Updated to fix conflicts.
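An added example, not code from this PR or from the draft: a sketch of the /etc/ethers use case discussed above, turning "MAC name" lines into name-resolution records of types 0x0003 / 0x0004 and reading them back with bounds checks. The record value layout (address, then NUL-terminated names, padded to 32 bits), the little-endian byte order, all function names and the sample addresses are assumptions made for illustration.

```python
import struct

# 0x0003/0x0004 are the types this PR requests. ASSUMED layout, modelled on the IPv4/IPv6
# name records: address, NUL-terminated names, pad to 32 bits; little-endian section.
NRB_END, NRB_EUI48, NRB_EUI64 = 0x0000, 0x0003, 0x0004
ADDR_LEN = {NRB_EUI48: 6, NRB_EUI64: 8}

def parse_ethers(text):
    """Parse /etc/ethers-style lines ("MAC name") into {address bytes: [names]}."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        mac, name = fields  # ValueError if the line is not exactly "MAC name"
        addr = bytes(int(octet, 16) for octet in mac.split(":"))
        if len(addr) not in ADDR_LEN.values():
            raise ValueError(f"not an EUI-48/64 address: {mac!r}")
        table.setdefault(addr, []).append(name)
    return table

def encode_records(table):
    """Serialise the table as name-resolution records plus the end record."""
    out = b""
    for addr, names in table.items():
        rtype = NRB_EUI48 if len(addr) == 6 else NRB_EUI64
        value = addr + b"".join(n.encode("utf-8") + b"\0" for n in names)
        out += struct.pack("<HH", rtype, len(value)) + value + b"\0" * (-len(value) % 4)
    return out + struct.pack("<HH", NRB_END, 0)

def decode_records(buf):
    """Reader side: bounds-check every record before trusting its length field."""
    table, off = {}, 0
    while off + 4 <= len(buf):
        rtype, rlen = struct.unpack_from("<HH", buf, off)
        off += 4
        if rtype == NRB_END:
            break
        if off + rlen > len(buf):
            raise ValueError("record length runs past end of buffer")
        value, off = buf[off:off + rlen], off + rlen + (-rlen % 4)
        alen = ADDR_LEN.get(rtype)
        if alen is None:
            continue  # other record types (e.g. IPv4/IPv6) are skipped here
        if rlen < alen + 2 or value[-1] != 0:
            raise ValueError("record lacks a NUL-terminated name")
        table[value[:alen]] = [n.decode("utf-8") for n in value[alen:-1].split(b"\0")]
    return table

SAMPLE_ETHERS = "00:00:5e:00:53:01 core-sw1\n02:00:5e:ff:fe:00:53:03 sensor-a\n"  # constructed
```

The records produced here are only the record list of a Name Resolution Block; the enclosing block header, options and trailing length are left out.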