Update: We ended up installing a 3com NIC in a different PC (running
windows) and we now see both sets of Q tags. Pulling the wire out of the
back of this PC, and plugging it into the dell server blade running
linux shows only 1 q tag.
We don't have any vlan devices configured in linux, just eth0. So
somehow we need to tweak something in linux or the device driver to
allow us to see all the headers instead of having the 1st q-tag be
stripped out.
Any ideas?
Thanks!
-mike
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
Randy.Grein@xxxxxxxxxxxxxx
Sent: Thursday, May 24, 2007 3:40 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] question on seeing the vlan tags on linux
Third situation, and most likely is that the switch itself is stripping
VLAN tagging. Check with the switch vendor on how to pass this through;
you're likely to have to set the Dell NIC to the relevant VLANs.
Randy Grein
Network Engineer
"Mike Landman" <mlandman@xxxxxxxxxxxxxxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
05/24/2007 11:39 AM
Please respond to
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To
<wireshark-users@xxxxxxxxxxxxx>
cc
Subject
[Wireshark-users] question on seeing the vlan tags on linux
Hi,
I'm not seeing some VLAN tags that I think should exist. I'm running
wireshark on a Dell server blade running linux. The Ethernet adapter is
NOT configured for VLANs in any way. It's connected to a switch that has
port mirroring configured to send packets to the Dell.
I receive the packet, but it looks as if the eth type and vlan ID (i.e.
the entire vlan tag) is stripped.
Reading the FAQ and the wiki, I see that this is expected behavior in
either of the following cases:
(1) Under Linux, if I have a vlan configured Ethernet adapter, then
the VLAN tag might be stripped before going up the stack.
(2) Under Windows, the drivers for some broadcom/intel adapters will
strip out the vlan tag, and a registry key needs to be tweaked to allow
that data to be visible higher up the stack.
In my scenario, I'm running Linux, there is no VLAN configuration, yet
the
packets still seem to have the 1st VLAN tag removed. It's 802.1ah, so I
expect to see 2 VLAN tags. I only see one. It's as if the first vlan tag
is removed, leaving the second one in the place that the first would
otherwise be.
Has anyone ever seen this occur under Linux, when capturing directly
from
eth0 (i.e. not eth0.100?)
Regards,
-mike_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
- -------------------------
CONFIDENTIALITY NOTICE: The information in this message may be
proprietary and/or confidential, and is intended only for the use of the
individual(s) to whom this email is addressed. If you are not the
intended recipient, you are hereby notified that any use, dissemination,
distribution or copying of this communication is strictly prohibited. If
you have received this communication in error, please notify us
immediately by replying to this email and deleting this email from your
computer. Nothing contained in this email or any attachment shall
satisfy the requirements for contract formation or constitute an
electronic signature.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
