Wireshark is just the 'top of the foodchain' so to speak. Below that in libpcap
to do the capture. That is plugged into the OS'es network software, which itself
sits on top of network card driver software, which works with the cards'
firmware, which interacts with the network hardware.
As you see many pieces are involved. The Windows parts (network stack and
drivers) are not well known for their VLAN support. In Linux (Ubuntu uses the
Linux kernel) this is much better handled, even on the same hardware.
ketzal devims wrote:
> But I'm using Wireshark exactly on the same computer.> 2009/9/21 Jaap Keuter <jaap.keuter@xxxxxxxxx <mailto:jaap.keuter@xxxxxxxxx>>
> I removed Windows XP to put Ubuntu 9.04...
> Best regards
>> > <mailto:steve@xxxxxxxxxxxxxxxxxx <mailto:steve@xxxxxxxxxxxxxxxxxx>>>
> That depends on the network card, driver and network stack. Windows
> is notorious
> for not showing VLAN info. See
> ketzal devims wrote:
> > Hi Stephen, I forgot a question:
> > Why is there this problem on linux and not on Windows Wireshark
> > Best Regards
> > Louis
> > 2009/9/21 Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx
> > On Sep 21, 2009, at 1:14 PM, ketzal devims wrote:
> > > I’m able to see these packets without filter... Why can’t
> I see them
> > > with th filter?
> > >
> > > Some friend told me it's a libpcap problem. The libpcap
> version in
> > > my computer is 1.0.0-1 (almost the last one)
> > >
> > > What's going on??? I really don't understand.
> > A common cause of this seems to be when you have 802.1q VLAN tags
> > coming into the machine and being passed up into Wireshark.
> If this
> > is the case, you would need to use "vlan and <your filter>".
> > Steve
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>