MACOUI(1) Manual Page NAME MACOUI - Look up MAC address vendors from the IEEE OUI list

SYNOPSIS MACOUI [--mac MAC_ADDRESS] [--list MAC_ADDRESS_LIST] [--file FILE] [--syslog-input SYSLOG_FILE] [--output-extracted-macs OUTPUT_FILE] [--only-identified-vendors]

DESCRIPTION MACOUI is a Python script that retrieves the latest Organizationally Unique Identifier (OUI) list from the IEEE website (standards-oui.ieee.org) and uses it to identify the vendor assigned to a given MAC address. It supports looking up single MAC addresses, a comma-separated list of addresses, or addresses from a file. Additionally, it can extract unique MAC addresses from a syslog file and optionally save them to a separate output file, with an option to include only those MACs for which a vendor is identified.

The script caches the downloaded OUI list locally as oui_cache.txt to avoid re-downloading it on subsequent runs, speeding up lookups. If you need to force a fresh download, simply delete the oui_cache.txt file.

MAC addresses can be provided with various delimiters (colons, dashes) or no delimiters at all. The script will normalize them for lookup and display.

You should be able to set the script to execute from the command line leveraging chmod. This will allow you to remove the leading "python3" from the commands below

OPTIONS -m, --mac MAC_ADDRESS Specify a single MAC address to look up. Examples: '00:1A:2B:3C:4D:5E', '00-1A-2B:3C-4D-5E', '001A2B3C4D5E'

-l, --list MAC_ADDRESS_LIST Provide a comma-separated list of MAC addresses to look up. Example: '00:1A:2B:...,AA-BB-CC:...,112233445566'

-f, --file FILE Specify a path to a file containing MAC addresses, with one MAC address per line.

--syslog-input SYSLOG_FILE Specify the path to a syslog file from which to extract unique MAC addresses. The script will parse the file, find all MAC addresses, and then perform vendor lookups on them.

--output-extracted-macs OUTPUT_FILE Used in conjunction with --syslog-input. If specified, the unique MAC addresses extracted from the syslog file will be saved to this OUTPUT_FILE. Each MAC address will be on a new line, formatted as XX:XX:XX:XX:XX:XX (or XX:XX:XX:XX:XX:XX - Vendor Name if --only-identified-vendors is also used).

--only-identified-vendors Used in conjunction with --syslog-input and --output-extracted-macs. If this flag is present, only MAC addresses for which a known vendor is identified will be saved to the OUTPUT_FILE specified by --output-extracted-macs. The output line will include both the MAC address and the vendor. If this flag is omitted, all extracted unique MAC addresses (identified or not) will be saved to the file (just the MAC address).

EXAMPLES Look up a single MAC address:

python3 MACOUI -m "00:1A:2B:CD:EF:01"

Look up multiple MAC addresses from a comma-separated list:

python3 MACOUI -l "00-00-0C-11-22-33, 00:1A:2B:CD:EF:01, 000000000000"

Look up MAC addresses from a file: Assuming mac_list.txt contains:

00:1A:2B:CD:EF:01 00-00-0C-11-22-33 AB-CD-EF-12-34-56

Run:

python3 MACOUI -f mac_list.txt

Extract unique MACs from a syslog file and perform lookups:

python3 MACOUI --syslog-input /var/log/syslog

Extract unique MACs from a syslog file, save all to a file, and perform lookups:

python3 MACOUI --syslog-input /var/log/syslog --output-extracted-macs all_macs.txt ```all_macs.txt` content (example):

00:1A:2B:CD:EF:01 AA:BB:CC:DD:EE:FF

Extract unique MACs from a syslog file, save only identified ones (with vendor) to a file, and perform lookups:

python3 MACOUI --syslog-input /var/log/syslog --output-extracted-macs identified_macs.txt --only-identified-vendors ```identified_macs.txt` content (example):

00:1A:2B:CD:EF:01 - Example Vendor Inc. AA:BB:CC:DD:EE:FF - Another Company

FILES MACOUI The main Python script.

oui_cache.txt A locally cached copy of the IEEE OUI list, created and used by the script.

AUTHORS StaticDet5 With assistance from Google Gemini

BUGS Try hitting us up on GitHub