Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: [Ethereal-users] Re: Re: 802.1p packet marking / detection

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Chris Tatro" <k0rnshell@xxxxxxxxxxx>
Date: Mon, 6 Dec 2004 07:28:59 -0600
Finally getting somewhere, I used a Xircom 10/100 card and was able to see
VLAN tagging from the Mitel phone. The built NIC on my laptop must have been
stripping the VLAN info off.

"Guy Harris" <gharris@xxxxxxxxx> wrote in message
news:41B37B01.90002@xxxxxxxxx...
> Chris T. wrote:
> > I read the FAQ and I am not sure I completly understand what they are
> > saying.
>
> What the FAQ is saying could be thought of as
>
> Ethereal doesn't directly control the network hardware on the machine
> on which it's running.  It uses libpcap/WinPcap to do that, and
> libpcap/WinPcap doesn't directly control it, either; it requests that
> various pieces of networking code in the OS do so.
>
> The networking code in the OS, on machines connected to a VLAN, might
> contain a networking "interface" that doesn't directly correspond to the
> network adapter, and doesn't supply packets as received by the network
> adapter; instead, it might supply packets that have the VLAN header
removed.
>
> It might also contain a networking interface that directly corresponds
> to the network adapter, and supplies the raw packets as received by the
> adapter; in order to see VLAN tags, and traffic for VLANs other than the
> one to which the machine is connected, you'll have to capture on that
> interface, rather than on the one that supplies packets with the VLAN
> header removed.
>
> What the interfaces are called depends on your OS; I don't have a list
> of what they're called on various OSes.
>
> A further problem is that I think some network adapter hardware can be
> configured to be connected to a particular VLAN, in which case they'll
> strip off VLAN tags, and discard packets not for that VLAN, before
> supplying them to the host, in which case there might not *be* an
> interface that can see the raw packets on the LAN.  In that case, you
> might have to capture on a machine that's not connected to any VLAN - in
> which case it might not be able to communicate on the LAN, in particular
> to resolve network addresses to host names, so you might have to turn
> off network name resolution to prevent Ethereal (or whatever capture
> program you're using) from pausing for long periods of time trying to
> resolve network addresses.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube