From e8842b296efcfa06b92ca5e00d2bb386001e0db0 Mon Sep 17 00:00:00 2001 From: Aquila Macedo Date: Wed, 22 Nov 2023 01:11:16 -0300 Subject: [PATCH] fix: Update vendor lookup method and dependency for Debian packaging Replaced 'import OuiLookup' with 'from ouilookup import OuiLookup' due to compatibility issues with ouilookup 0.3.1. This change ensures the project works correctly. Additionally, introduced 'ieee-data' for CSV access, enabling the software to function independently of the ouilookup package, crucial for Debian packaging. Signed-off-by: Aquila Macedo --- src/arpwitch/utils/sniffer.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/arpwitch/utils/sniffer.py b/src/arpwitch/utils/sniffer.py index 292e631..bfdeba1 100644 --- a/src/arpwitch/utils/sniffer.py +++ b/src/arpwitch/utils/sniffer.py @@ -1,6 +1,7 @@ import logging -import OuiLookup +import os +import csv from .utils import timestamp from arpwitch.exceptions import ArpWitchException @@ -49,6 +50,7 @@ def scrub_address(self, address_type, address): raise ArpWitchException("unsupported address_type", address_type) def expand_packet_session_data(self, packet, session): + oui_path = "/usr/share/ieee-data/oui.csv" hw_address_is_new = False ip_address_is_new = False @@ -57,7 +59,21 @@ def expand_packet_session_data(self, packet, session): ip_address = packet["src"]["ip"] # lookup hw_vendor name - hw_vendor = list(OuiLookup.OuiLookup().query(hw_address)[0].values())[0] + hw_vendor = ''.join(hw_address.split(":")[:3]).upper() + + if os.path.exists(oui_path): + # check if the CSV file from ieee-data exists + with open(oui_path, "r") as oui_file: + reader = csv.DictReader(oui_file) + for row in reader: + if row["Assignment"] == hw_vendor: + hw_vendor = row["Organization Name"] + break + else: + hw_vendor = None # if vendor is not found in the CSV + else: + from ouilookup import OuiLookup + hw_vendor = list(OuiLookup().query(hw_address)[0].values())[0] # update session['ip'] data if ip_address not in session["ip"].keys():