What does "oui Unknown" means in tcpdump?

Ankit Raj picture Ankit Raj · May 16, 2018 · Viewed 15.1k times · Source

Please refer to example packet:

    2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > Broadcast, 
    ethertype Unknown (0xcafe), length 74
    0x0000:  0200 000a ffff 0000 ffff 0c00 3c00 0000  ............<...
    0x0010:  0000 0000 0100 0080 3e9e 2900 0000 0000  ........>.).....
    0x0020:  0000 0000 ffff ffff ad00 996b 0600 0050  ...........k...P
    0x0030:  569c 6938 0000 0000 8e07 0000            V.i8........

Answer

Ankit Raj picture Ankit Raj · May 20, 2018

MAC Address Format

An organizationally unique identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization.

These are purchased from the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority by the "assignee" (IEEE term for the vendor, manufacturer, or other organization). They are used as the first portion of derivative identifiers to uniquely identify a particular piece of equipment as MAC addresses,Subnetwork Access Protocol protocol identifiers, World Wide Names for Fibre Channel devices.

In MAC addresses, the OUI is combined with a 24-bit number (assigned by the owner or 'assignee' of the OUI) to form the address. The first three octets of the address are the OUI.

OUI List: http://standards-oui.ieee.org/oui.txt