Wireshark-users: Re: [Wireshark-users] help

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Tue, 27 Apr 2010 10:28:41 +1000
I would suggest doing the capture on the Linux box. In my experience, on Linux libpcap and the driver preserves VLAN tagging.  (Just use a Linux booting from a USB stick or CD if you don't want to install).

On Windows it seems that most drivers strip VLAN tags.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Mon, Apr 26, 2010 at 6:39 PM, Padmalochan Moharana <padmalochan.moharana@xxxxxxxxxxxxxxxx> wrote:
Hi Harris,
Thanks for the information. The wireshark captured the message without any
VLAN tag because the driver stripped the VLAN tag of the received message.So
wireshark does not see any VLAN tag in the message. I think any other system
setting or driver is required to capture the VLAN tag. So please let me know
which driver deliver the message without stripping the VLAN tag of the
message.

Br,
Padmalochan

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Monday, April 26, 2010 1:15 PM
To: Community support list for Wireshark
Cc: padmalochan.moharana@xxxxxxxxxxxxxxxx
Subject: Re: [Wireshark-users] help


On Apr 25, 2010, at 11:34 PM, Pradeepta Samantaray wrote:

> I'm using Wireshark-0.99.5-EL4.1 and ethernet e1000
> But I am not able to capture vlan ID
>
> I configured vlan as
>
> Vconfig add eth1 5
> Ip addr add 191.1.1.34/24 dev eth1.5
>
> Vconfig add eth1 5
> Ip addr add 191.1.1.35/24 dev eth1.5
>
> Device eth1 goes into promiscuous mode
> Device eth1.5 goes into promiscuous mode

Is eth0 the e1000 Ethernet?  If so, what happens if you capture on it?  (If
5 is the VLAN number, try capturing on eth0 with the capture filter "vlan 5"
if you only want traffic from that VLAN.)


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe