Wireshark-users: Re: [Wireshark-users] vlan & dhcp packets

Date: Tue, 18 Mar 2008 23:39:30 -0700
Jaap,

yes, it is a win machine(XP). i'm consulting for them, so i'll see if the user there will dl knoppix, burn a cd, scan from there and send them to me.

in this case, the port on the cisco switch is assigned to a vlan.

thanks for the reply,
fingerprint: E737 C427 FB48 6E51 6C8D ED40 7C8D 1D4E 6F9F B528 



Jaap> Hi,

Jaap> Not true. The fact that there are UDP packets running on a native LAN or VLAN 
Jaap> which happen to carry a payload which is considered BOOTP has nothing to do 
Jaap> with the LAN they are running on.

Jaap> There are numerous ways to get a node on a VLAN. Easiest is to assign a port 
Jaap> to a VLAN. Then the host doesn't have to fiddle with VLAN tags and stuff. If 
Jaap> the port can't handle the VLAN tagging/untagging, you'll have to configure the 
Jaap> host to do so. You can do that by, on the native LAN, forging a DHCP reply 
Jaap> option or point it to a configuration file it can read, so it knows what tag 
Jaap> to use. Then he restarts the BOOTP procedure applying the tag he received, so 
Jaap> he does host configuration on the configured VLAN.

Jaap> See, all depends on the equipment, network design and policy you have.

Jaap> Back to the original question. Sure you should be able to see them. I bet 
Jaap> you're using a Windows platform and try to sniff. These cards and their 
Jaap> drivers are a pain. Frisbee in a Knoppix lifeCD or something and capture with 
Jaap> that. You'll see it. The devil is in the details here.

Jaap> Thanx,
Jaap> Jaap

Jaap> Andreas Fink wrote:
>> I  think dhcp always is untagged on ethernet by the standard as it  
>> might tell you what vlan to use maybe. At least i had such issues when  
>> trying to run a dhcp server on a cisco connected on vlan virtual  
>> interfaces

>> Von meinem iPhone gesendet

>> Am 18.03.2008 um 21:08 schrieb wb <wsbcomm@xxxxxxxxxxxxx>:

>>> hey folks,

>>> [sorry for the double post, looks like i posted incorrectly the  
>>> first time.]


>>> if i'm sniffing between a linksys router and a cisco swtich, and the  
>>> linksys is on a vlan, shouldn't i be able to see DHCP OFFERS &  
>>> REQUESTS that clients are getting from this linksys router? or does  
>>> vlan tagging hid them or something?

>>> tia

>>> Fingerprint: E737 C427 FB48 6E51 6C8D ED40 7C8D 1D4E 6F9F B528


Jaap> _______________________________________________
Jaap> Wireshark-users mailing list
Jaap> Wireshark-users@xxxxxxxxxxxxx
Jaap> http://www.wireshark.org/mailman/listinfo/wireshark-users