Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 08 Dec 2004 10:45:36 -0800
Stefan Frutig wrote:


I read that you can`t sniff packets which have a VLAN Tag, because they are
longer then normal packets. Is that true?
If by "longer than normal packets" you mean if 1500 bytes of payload are transmitted on a VLAN, the 14 bytes of Ethernet header plus 4 bytes of VLAN header plus 4 bytes of CRC are longer than the 1518-byte maximum Ethernet packet, and some Ethernet cards will reject those as being too long and not receive them, that might be true - but it's not necessarily true; I have a capture (I don't know where it came from, so I don't know what OS captured it, or what network adapter was used to capture it; somebody might've sent it to the Ethereal mailing list at some point) with 1518-byte Ethernet packets in it (1518 bytes *without* the CRC, so that'd have been 1522 with the CRC), with 14 bytes of Ethernet header, 4 bytes of VLAN header, and 1500 bytes of payload. 

There are other potential problems with VLAN captures:

	http://www.ethereal.com/faq.html#q5.36
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube