I see 2 full Ethernet headers in Wireshark - Ethernet with Source/Dest MAC address, IPv4, EtherIP Version 4, Ethernet with Source/Dest address, 802.1Q VLAN, IP.
Wireshark can dissect it.
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Rayne <hjazz6@xxxxxxxxx>; Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Monday, January 19, 2015 2:52 PM
Subject: Re: [Wireshark-users] Extracting outer MAC Address
On Jan 18, 2015, at 10:00 PM, Rayne <
hjazz6@xxxxxxxxx> wrote:
> Hi all,
>
> I have vlan packets that contain 2 Ethernet headers,
I.e., you have some form of VLAN other than an IEEE VLAN?
*IEEE* VLANs do not have two full Ethernet headers; they have a regular Ethernet header, with a destination address, a source address, and a type/length field, with the type/length field having a type value such as 0x8100 or 0x9100. That's followed by a VLAN header with a priority code point, drop eligible indicator, VLAN ID, and type field.
What sort of VLAN is this? Can Wireshark dissect it?
