tcpdump mailing list archives
Re: capturing vlan traffic on linux
From: Karsten Keil <kkeil () suse de>
Date: Thu, 24 Jan 2008 13:22:16 +0100
On Wed, Jan 23, 2008 at 02:23:06PM -0800, Aaron Turner wrote:
Box is Linux 2.6.12 kernel tcpdump 3.8 libpcap 0.8.3 Intel e1000 NIC Long story short, 1) when sniffing on the vlan tagged interface (eth0.5), I can see inbound and outbound traffic, but the ethernet frames are not tagged. 2) when sniffing on the physical interface (eth0) I can see only one direction of traffic (outbound I think), and again no vlan tags. Is it not possible to sniff traffic with the vlan tags if the traffic is destined or generated by the host? Or do I need to upgrade something?
Thats the normal behavior I found out some time ago. The VLAN processing is done in the driver (sometimes in the HW itself), this is under the tcpdump interface layer. If I need to debug VLAN issues on the wire I use a second PC on a HUB (or a switch which allows port monitoring). Note: even here you need a card which pass VLAN taged frames unchanged to the upper layers, some more featured cards always remove TAGs I know this for tg3 and bnx cards, in this case (tg3,bnx) you have to disable the advanced monitor firmware on the cards to see VLAN tags. -- Karsten Keil SuSE Labs - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- capturing vlan traffic on linux Aaron Turner (Jan 23)
- Re: capturing vlan traffic on linux Karsten Keil (Jan 24)