Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] capture filters

From: "Witton, David" <dwitton@xxxxxxxxxxxxxxxxx>
Date: Wed, 2 Jan 2008 10:34:06 -0700
Guy

The traffic to the Wireshark box is IPv4, no VLAN. I'm installing Wireshark on another, non-virtual box today to compare.

David Witton
Director, Information Systems
St. John's Medical Center
307.739.7383

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, December 31, 2007 4:59 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] capture filters

Witton, David wrote:

> > What OS are you running on the machine doing the capture?  And what type
> > of network adapter are you capturing on?
>
> XP pro, vmware virtual machine. VMware Accellerated AMD PCNet Adapter

So that's probably a (virtual) Ethernet adapter.

> > And, if this is on Ethernet, are you using VLANs?  If so, is the TCP
> > traffic to and from the host running Wireshark on a VLAN?  (I.e., does
> > it have a VLAN header?)
>
> Forgive my ignorance, I'm not sure how to check for a VLAN header,

In Wireshark or TShark, in the packet detail pane, there will be an
"802.1Q Virtual LAN" entry below "Ethernet II" and above "Internet
Protocol" for a packet with a VLAN header.  (Or maybe more than one
"802.1Q Virtual LAN" header for a VLAN inside a VLAN, etc., but that's
probably rarer.)

(Also, this is TCP over IPv4, not TCP over IPv6, right?)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of the original message. Thank you for your cooperation.