Wireshark-users: Re: [Wireshark-users] vlan & dhcp packets

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 18 Mar 2008 22:41:51 +0100
Hi,

Not true. The fact that there are UDP packets running on a native LAN or VLAN which happen to carry a payload which is considered BOOTP has nothing to do with the LAN they are running on.

There are numerous ways to get a node on a VLAN. Easiest is to assign a port to a VLAN. Then the host doesn't have to fiddle with VLAN tags and stuff. If the port can't handle the VLAN tagging/untagging, you'll have to configure the host to do so. You can do that by, on the native LAN, forging a DHCP reply option or point it to a configuration file it can read, so it knows what tag to use. Then he restarts the BOOTP procedure applying the tag he received, so he does host configuration on the configured VLAN.

See, all depends on the equipment, network design and policy you have.

Back to the original question. Sure, you should be able to see them. I bet you're using a Windows platform and trying to sniff. These cards and their drivers are a pain. Frisbee in a Knoppix live CD or something and capture with that. You'll see it. The devil is in the details here.

Thanx,
Jaap

Andreas Fink wrote:
I think DHCP is always untagged on Ethernet by the standard, as it might tell you what VLAN to use, maybe. At least I had such issues when trying to run a DHCP server on a Cisco connected on VLAN virtual interfaces.

Sent from my iPhone

On 18.03.2008 at 21:08, wb <wsbcomm@xxxxxxxxxxxxx> wrote:

hey folks,

[sorry for the double post, looks like i posted incorrectly the first time.]

if i'm sniffing between a linksys router and a cisco switch, and the linksys is on a vlan, shouldn't i be able to see DHCP OFFERS & REQUESTS that clients are getting from this linksys router? or does vlan tagging hide them or something?

tia

Fingerprint: E737 C427 FB48 6E51 6C8D ED40 7C8D 1D4E 6F9F B528
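
An added example, not part of the original thread: a Python sketch of the point made in the reply above, that the BOOTP/DHCP payload is the same whether or not the frame carries an 802.1Q tag; the tag only shifts the EtherType by four bytes. The names `classify` and `build_frame` and the sample frames are constructed for this illustration.

```python
import struct

ETH_P_8021Q, ETH_P_IP = 0x8100, 0x0800
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def classify(frame):
    """Return (vlan_id or None, DHCP message type or None) for one Ethernet frame."""
    if len(frame) < 18:
        return None, None
    vlan, off = None, 14
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == ETH_P_8021Q:  # 4-byte tag sits between source MAC and EtherType
        tci, etype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if etype != ETH_P_IP or len(frame) < off + 20:
        return vlan, None
    ihl = (frame[off] & 0x0F) * 4
    udp = off + ihl
    if ihl < 20 or frame[off + 9] != 17 or len(frame) < udp + 8:
        return vlan, None
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if {sport, dport} - {67, 68}:  # not the BOOTP server/client ports
        return vlan, None
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != MAGIC:
        return vlan, "BOOTP"
    opts, i = frame[bootp + 240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # walk TLV options to option 53
        if opts[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if opts[i] == 53 and i + 2 < len(opts):
            return vlan, DHCP_TYPES.get(opts[i + 2], "type %d" % opts[i + 2])
        i += 2 + opts[i + 1]
    return vlan, "BOOTP"

def build_frame(msg_type, vlan=None):
    """Constructed sample frame (checksums left zero), UDP port 67 to port 68."""
    bootp = bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), b"\xff" * 4) + udp
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return b"\xff" * 6 + bytes.fromhex("020000000001") + tag + struct.pack("!H", ETH_P_IP) + ip

if __name__ == "__main__":
    for f in (build_frame(2), build_frame(2, vlan=10), build_frame(5, vlan=20)):
        print(classify(f))
```

A capture in which every frame comes back with `vlan_id` of `None` on a link known to be tagged suggests the tag was removed before the capture library saw the frame, which fits the driver remark in the reply.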