1

I need to extract ARP MAC-addresses with vendor names from PCAP-files and save those as a CSV-file. Below code is working fine for source and destination MAC but I need the code to extract the MAC vendor name.

I had used DPKT to extract the data from PCAP.

from src.arpbasic import mac_addr

s_mac = mac_addr(eth.src)
d_mac = mac_addr(eth.dst)
user2722968
  • 13,636
  • 2
  • 46
  • 67
delwar.naist
  • 51
  • 1
  • 12
  • You can use [Wireshark's database of known manufacturers](https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf). Just download the file and do lookups there. – user2722968 May 06 '19 at 15:59
  • may there is any method for python which can extract directly from pcap file? and save to csv format? – delwar.naist May 06 '19 at 16:11
  • A pcap-file does not include resolved vendor names, neither does pcapng afaik. You'll have to do it yourself. There is [maclookup](https://pypi.org/project/maclookup/) – user2722968 May 06 '19 at 16:15
  • Ok. Thank you for your time and advise. – delwar.naist May 07 '19 at 17:06
  • I had checked some codes working for single MAC lookup. actually i would like to lookup list of MAC vendor by Python. – delwar.naist May 15 '19 at 16:35

0 Answers0