Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
0
Helpful
4
Replies

vlan tag capturing

onita
Level 1
Level 1

‎11-02-2007 12:11 PM - edited ‎03-03-2019 05:39 AM

I've been trying to capture the vlan tags on a trunk link using the wireshark and port mirroring with no success. Any ideas on what I'm doing wrong or what I'm missing .

Labels:
Preview file
8 KB
0 Helpful
4 Replies 4

lgijssel
Level 9
Level 9

‎11-02-2007 01:01 PM

You should be looking for packets with ethertype 8100. Check the link for a wiki on this:

http://en.wikipedia.org/wiki/IEEE_802.1Q#Frame_format

Setting the monitor port to trunk mode is an experiment that's certainly worth trying. However, even if you are doing everything correctly, your PC adapter may not recognize the packets and ignore them.

regards,

Leo

0 Helpful

lrian
Level 1
Level 1

‎11-02-2007 03:06 PM

The monitor port has to be configured as a trunk port and the NIC has to support vlan tags.

I've got a Dell laptop with an integrated Broadcom ethernet NIC that doesn't let me capture vlan tags. I ended up getting a Trendnet 10/100/1000 PC card to use w/ wireshark so that I could see the vlan tags.

0 Helpful

onita
Level 1
Level 1
In response to lrian

‎11-05-2007 08:47 AM

I do have the monitor port as trunk. Since I'm running linux I'm gone try tcpdump instead of wireshark.

0 Helpful

onita
Level 1
Level 1
In response to onita

‎11-05-2007 10:22 AM

Ok, I've got it working. Had to install module 8021q on linux and update my monitor session to

monitor session 2 destination interface Gi1/0/3 encapsulation dot1q

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card