Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] help

From: "Padmalochan Moharana" <padmalochan.moharana@xxxxxxxxxxxxxxxx>
Date: Mon, 26 Apr 2010 14:09:13 +0530
Hi Harris,
Thanks for the information. The wireshark captured the message without any
VLAN tag because the driver stripped the VLAN tag of the received message.So
wireshark does not see any VLAN tag in the message. I think any other system
setting or driver is required to capture the VLAN tag. So please let me know
which driver deliver the message without stripping the VLAN tag of the
message.

Br,
Padmalochan

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx] 
Sent: Monday, April 26, 2010 1:15 PM
To: Community support list for Wireshark
Cc: padmalochan.moharana@xxxxxxxxxxxxxxxx
Subject: Re: [Wireshark-users] help


On Apr 25, 2010, at 11:34 PM, Pradeepta Samantaray wrote:

> I'm using Wireshark-0.99.5-EL4.1 and ethernet e1000
> But I am not able to capture vlan ID
>  
> I configured vlan as
>  
> Vconfig add eth1 5
> Ip addr add 191.1.1.34/24 dev eth1.5
>  
> Vconfig add eth1 5
> Ip addr add 191.1.1.35/24 dev eth1.5
>  
> Device eth1 goes into promiscuous mode
> Device eth1.5 goes into promiscuous mode

Is eth0 the e1000 Ethernet?  If so, what happens if you capture on it?  (If
5 is the VLAN number, try capturing on eth0 with the capture filter "vlan 5"
if you only want traffic from that VLAN.)