
Wireshark-bugs: [Wireshark-bugs] [Bug 2801] VLAN Tag Enabled NIC Packets not Captured by DUMPCAP

Date: Wed, 13 Aug 2008 13:51:27 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2801





--- Comment #1 from Sake <sake@xxxxxxxxxx>  2008-08-13 13:51:26 PDT ---
Have a look at http://wiki.wireshark.org/VLAN. It's far from complete, but it
explains a bit about capturing VLAN-tagged packets.

The capture filters are optimized and compiled before being applied to packets.
This means that it expects certain fields at certain byte offsets. When a VLAN
tag is added to the frame, the IP (and upper protocol) data shifts back 4 octets.
To make the capture filter work again, you need to add the keyword "vlan" to
the capture filter. This will make the capture filter look for the 802.1Q
header, and in the meantime make the proper shift for the capture filter logic.

This means you should use the capture filter:

 "vlan and (udp port 500 or udp portrange 2000-6000)"

Please have a go with this capture filter and report back if it works.


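The offset shift described in the comment above, shown as an added example that is not part of the original bug comment and is not libpcap's code. It emulates fixed-offset matching of "udp port N" with and without the "vlan" keyword on constructed frames; the function names and sample addresses are hypothetical, and the IP fragment check a real compiled filter performs is left out.

```python
import struct

ETH_IPV4, ETH_8021Q, PROTO_UDP = 0x0800, 0x8100, 17

def build_frame(sport, dport, vlan_id=None):
    """Constructed Ethernet/IPv4/UDP test frame, optionally 802.1Q tagged."""
    payload = b"test"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     PROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    macs = b"\xff" * 6 + bytes([2, 0, 0, 0, 0, 1])  # dst, src (constructed)
    # The 4-octet tag (TPID 0x8100 + TCI) sits between the MACs and the EtherType.
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + udp

def u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]

def udp_port_match(frame, port, vlan=False):
    """Emulate 'udp port N' (vlan=False) or 'vlan and udp port N' (vlan=True)."""
    shift = 0
    if vlan:
        if u16(frame, 12) != ETH_8021Q:   # 'vlan' only matches tagged frames
            return False
        shift = 4                         # every later offset moves 4 octets
    if u16(frame, 12 + shift) != ETH_IPV4:
        return False                      # EtherType is not where the filter looks
    ip = 14 + shift
    if frame[ip + 9] != PROTO_UDP:
        return False
    l4 = ip + (frame[ip] & 0x0F) * 4      # skip the IP header (IHL in 32-bit words)
    return port in (u16(frame, l4), u16(frame, l4 + 2))

if __name__ == "__main__":
    plain = build_frame(40000, 500)
    tagged = build_frame(40000, 500, vlan_id=10)
    for name, frame in (("untagged", plain), ("tagged", tagged)):
        print(name,
              "| udp port 500:", udp_port_match(frame, 500),
              "| vlan and udp port 500:", udp_port_match(frame, 500, vlan=True))
```

The last case matters when a capture point carries both kinds of traffic: once "vlan" is in the filter, the untagged frame no longer matches it.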