Ethereal-users: [Ethereal-users] Re: Re: 802.1p packet marking / detection

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Chris T." <k0rnshell@xxxxxxxxxxx>
Date: Sun, 5 Dec 2004 21:32:41 -0600
I am using Windows XP with a Broadcom in one laptop and a Xircom card in
the other. Is it possible the NIC is stripping the VLAN tags out, like another
post I saw described:

If that is OK, you might need to have a look at your NIC. For instance, you 
can see in:

http://support.intel.com/support/network/sb/cs-005897-prd38.htm

that Intel NICs by default remove the VLAN tag, unless you configure them 
explicitly to pass it upwards.


What is a good NIC that does not strip out VLAN tags that I could try?



"Guy Harris" <gharris@xxxxxxxxx> wrote in message 
news:41B37B01.90002@xxxxxxxxx...
> Chris T. wrote:
>> I read the FAQ and I am not sure I completely understand what they are
>> saying.
>
> What the FAQ is saying could be thought of as
>
> Ethereal doesn't directly control the network hardware on the machine on 
> which it's running.  It uses libpcap/WinPcap to do that, and 
> libpcap/WinPcap doesn't directly control it, either; it requests that 
> various pieces of networking code in the OS do so.
>
> The networking code in the OS, on machines connected to a VLAN, might 
> contain a networking "interface" that doesn't directly correspond to the 
> network adapter, and doesn't supply packets as received by the network 
> adapter; instead, it might supply packets that have the VLAN header 
> removed.
>
> It might also contain a networking interface that directly corresponds to 
> the network adapter, and supplies the raw packets as received by the 
> adapter; in order to see VLAN tags, and traffic for VLANs other than the 
> one to which the machine is connected, you'll have to capture on that 
> interface, rather than on the one that supplies packets with the VLAN 
> header removed.
>
> What the interfaces are called depends on your OS; I don't have a list of 
> what they're called on various OSes.
>
> A further problem is that I think some network adapter hardware can be 
> configured to be connected to a particular VLAN, in which case they'll 
> strip off VLAN tags, and discard packets not for that VLAN, before 
> supplying them to the host, in which case there might not *be* an 
> interface that can see the raw packets on the LAN.  In that case, you 
> might have to capture on a machine that's not connected to any VLAN - in 
> which case it might not be able to communicate on the LAN, in particular 
> to resolve network addresses to host names, so you might have to turn off 
> network name resolution to prevent Ethereal (or whatever capture program 
> you're using) from pausing for long periods of time trying to resolve 
> network addresses.
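
An added example, not part of the original thread or of Ethereal/libpcap: one way to check whether raw frames taken from a capture still carry the 802.1Q tag, and which 802.1p priority they are marked with. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return the 802.1Q fields of an Ethernet frame, or None if it is untagged.

    None means either the frame was never tagged or the NIC/driver removed
    the tag before the capture library saw it; the frame alone cannot tell.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # after dst MAC + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return {
        "pcp": tci >> 13,          # 802.1p priority code point, 3 bits
        "dei": (tci >> 12) & 0x1,  # drop eligible indicator (formerly CFI)
        "vid": tci & 0x0FFF,       # VLAN ID; 0 means priority-tagged only
        "ethertype": inner_type,
    }


def summarize(frames):
    """Count tagged frames and list the 802.1p priorities seen."""
    tags = [t for t in (parse_vlan_tag(f) for f in frames) if t is not None]
    return {
        "total": len(frames),
        "tagged": len(tags),
        "priorities": sorted({t["pcp"] for t in tags}),
    }


# Constructed sample frames (placeholder MACs, IPv4 EtherType, dummy payload).
_MACS = bytes.fromhex("ffffffffffff" "020000000001")
_BODY = struct.pack("!H", 0x0800) + b"\x00" * 46
UNTAGGED = _MACS + _BODY
TAGGED = _MACS + struct.pack("!HH", TPID_8021Q, (5 << 13) | 100) + _BODY
PRIORITY_ONLY = _MACS + struct.pack("!HH", TPID_8021Q, 3 << 13) + _BODY
SAMPLE_FRAMES = [UNTAGGED, TAGGED, PRIORITY_ONLY]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
```

If a capture taken on a port known to carry tagged traffic reports zero tagged frames, the tag is being removed below the capture library, as the reply above describes.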