Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 22, Issue 55

From: Marc Quibell <Marc.Quibell@xxxxxxxxxxxxxxxx>
Date: Wed, 19 Mar 2008 08:30:19 -0500

Yes, you should be able to see all packets, even bootp; it's vlan independent. I've never had problems using Windows as a sniffer however. I've had more problems with WinShark not working right more than anything else.

Marc

-------------------------------------------------------------------------------------------------

Message: 4
Date: Tue, 18 Mar 2008 22:41:51 +0100
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] vlan & dhcp packets
To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <47E0371F.5050109@xxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hi,

Not true. The fact that there are UDP packets running on a native LAN or VLAN
which happen to carry a payload which is considered BOOTP has nothing to do
with the LAN they are running on.

There are numerous ways to get a node on a VLAN. Easiest is to assign a port
to a VLAN. Then the host doesn't have to fiddle with VLAN tags and stuff. If
the port can't handle the VLAN tagging/untagging, you'll have to configure the
host to do so. You can do that by, on the native LAN, forging a DHCP reply
option or point it to a configuration file it can read, so it knows what tag
to use. Then he restarts the BOOTP procedure applying the tag he received, so
he does host configuration on the configured VLAN.

See, all depends on the equipment, network design and policy you have.

Back to the original question. Sure you should be able to see them. I bet
you're using a Windows platform and try to sniff. These cards and their
drivers are a pain. Frisbee in a Knoppix lifeCD or something and capture with
that. You'll see it. The devil is in the details here.

Thanx,
Jaap

Andreas Fink wrote:
> I  think dhcp always is untagged on ethernet by the standard as it  
> might tell you what vlan to use maybe. At least i had such issues when  
> trying to run a dhcp server on a cisco connected on vlan virtual  
> interfaces
>
> Von meinem iPhone gesendet
>
> Am 18.03.2008 um 21:08 schrieb wb <wsbcomm@xxxxxxxxxxxxx>:
>
>> hey folks,
>>
>> [sorry for the double post, looks like i posted incorrectly the  
>> first time.]
>>
>>
>> if i'm sniffing between a linksys router and a cisco swtich, and the  
>> linksys is on a vlan, shouldn't i be able to see DHCP OFFERS &  
>> REQUESTS that clients are getting from this linksys router? or does  
>> vlan tagging hid them or something?
>>
>> tia
>>
>> Fingerprint: E737 C427 FB48 6E51 6C8D ED40 7C8D 1D4E 6F9F B528
>>


__________________________________________
The information contained in this message may be privileged and confidential and protected from disclosure. If you are not the intended recipient of this message, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message, and please delete it from your computer.