Souds like https://tools.ietf.org/html/rfc3378 :-)
It would be nice to have an example file in the capture menagerie, If you can reply with a little capture file without any sensitive information in it, that would be nice :-)
Cheers,
Sake
On 19 jan 2015, at 07:58, Rayne wrote:
> I see 2 full Ethernet headers in Wireshark - Ethernet with Source/Dest MAC address, IPv4, EtherIP Version 4, Ethernet with Source/Dest address, 802.1Q VLAN, IP.
>
> Wireshark can dissect it.
>
> From: Guy Harris <guy@xxxxxxxxxxxx>
> To: Rayne <hjazz6@xxxxxxxxx>; Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Monday, January 19, 2015 2:52 PM
> Subject: Re: [Wireshark-users] Extracting outer MAC Address
>
>
>
>
> On Jan 18, 2015, at 10:00 PM, Rayne <hjazz6@xxxxxxxxx> wrote:
>
> > Hi all,
> >
> > I have vlan packets that contain 2 Ethernet headers,
>
>
> I.e., you have some form of VLAN other than an IEEE VLAN?
>
> *IEEE* VLANs do not have two full Ethernet headers; they have a regular Ethernet header, with a destination address, a source address, and a type/length field, with the type/length field having a type value such as 0x8100 or 0x9100. That's followed by a VLAN header with a priority code point, drop eligible indicator, VLAN ID, and type field.
>
> What sort of VLAN is this? Can Wireshark dissect it?
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe