Results 1 to 2 of 2

Thread: vlan header trace/sniff

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    1

    Default vlan header trace/sniff

    I am trying to find a way to determine whether or not I have any packets with VLAN headers flowing on my network by using something like WireShark. My understanding is that the default behavior for most Linux network drivers is to strip the VLAN headers below the level where the packet tracing hooks are.

    So, is there any chance that the network drivers for BackTrack (especially tg3) have been configured to surface the VLAN headers intact for capture by tcpdump/WireShark, or whether there is a documented procedure for turning this capability on?

    Thanks.

    -Dave

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    You should be able to locate these packets using Wireshark and specifying vlan in the capture filter. If you for example want to capture 802.1q frames with the source ip 192.168.1.1 you would use as the filter: vlan and host 192.168.1.1. More information can be found at the following location:
    http://wiki.wireshark.org/CaptureSetup/VLAN
    -Monkeys are like nature's humans.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •