Stefan Frutig wrote:
I read that you can`t sniff packets which have a VLAN Tag, because they are
longer then normal packets. Is that true?
If by "longer than normal packets" you mean if 1500 bytes of payload are
transmitted on a VLAN, the 14 bytes of Ethernet header plus 4 bytes of
VLAN header plus 4 bytes of CRC are longer than the 1518-byte maximum
Ethernet packet, and some Ethernet cards will reject those as being too
long and not receive them, that might be true - but it's not necessarily
true; I have a capture (I don't know where it came from, so I don't know
what OS captured it, or what network adapter was used to capture it;
somebody might've sent it to the Ethereal mailing list at some point)
with 1518-byte Ethernet packets in it (1518 bytes *without* the CRC, so
that'd have been 1522 with the CRC), with 14 bytes of Ethernet header, 4
bytes of VLAN header, and 1500 bytes of payload.
There are other potential problems with VLAN captures:
http://www.ethereal.com/faq.html#q5.36