HPE Community
Switches, Hubs, and Modems
1822431 Members
3243 Online
109642 Solutions
New Discussion юеВ

Wireshark Packets no VLAN

 
SOLVED
Go to solution
PEI_1
Advisor

тАО02-16-2011 05:34 PM

тАО02-16-2011 05:34 PM

Wireshark Packets no VLAN

Hi,
Trying to capture 802.1q with Wireshark but no prevail.
I have 2 test computers connected to 2 Procurve 2610 each on Port 1. Both switches are connected to each other on Port 3. Port 1 and 3 of both switches are on VLAN 300, tagged. Both test computers have Intel Proset installed. They are connecting to the switches on virtual interface VLAN 300.

My wireshark PC is connected to port 48 on one of the switches. port 48 is untag on Vlan1. The PC uses NIC "Local Area Connection" (not VLAN) to connect to the switch. Port 48 is set to monitorring port, port 3 is the monitoring source.

have someone managed to capture packets vlan info with Wireshark?
0 Kudos
5 REPLIES 5
Jeff Carrell
Honored Contributor

тАО02-16-2011 09:03 PM - last edited on тАО09-02-2011 12:56 PM by

тАО02-16-2011 09:03 PM - last edited on тАО09-02-2011 12:56 PM by

Solution

Re: Wireshark Packets no VLAN

check this thread:
http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/Problem-with-basic-VLANs-and-tagging-on-ProCurve-2626/m-p/5247109#M29683


When I have had this issue, it was related to mods required in driver config...see my first post in this thread for links.

hth...Jeff


ps, when the drivers are working on the wireshark pc, it is not required to have that nic nor the switch port it is connected to in tagged state. If there is a tagged pkt going to the wireshark port, it will pass through.

PEI_1
Advisor

тАО02-17-2011 02:05 AM

тАО02-17-2011 02:05 AM

Re: Wireshark Packets no VLAN

Thanks Jeff.

I can't find {4D36E972-E325-11CE-BFC1-08002BE10318} under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\. Please advise.

How do I know if my Intel NIC is PCI/PCI-X or PCI-e based?

Thanks
Pei
0 Kudos
Jeff Carrell
Honored Contributor

тАО02-17-2011 05:54 AM

тАО02-17-2011 05:54 AM

Re: Wireshark Packets no VLAN

PEI asked: "I can't find {4D36E972-E325-11CE-BFC1-08002BE10318} under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\. Please advise.

How do I know if my Intel NIC is PCI/PCI-X or PCI-e based?
"

I've also seen this, I kept looking at the ControlSetxxx until I found one that had the info I needed to change/modify....it has been awhile since I've done this.

Those notes are not always "exact".

I've also updated the drivers and it made it easier to support these functions. (as noted in the other thread)

When using a lapto for wireshark and capturing 802.1Q frames, I've also installed a different NIC sometimes (PCMCIA or ExpressCard)...gotta keep trying things till it all works...it is not an exacting science, sometimes more hit-n-miss, but it works for me..

To tell if PCI/PCI-X/PCI-e, I either look at the properties of the lan interface or lookup the lan interface on the manufacturers website.

hth...Jeff
0 Kudos
Pieter 't Hart
Honored Contributor

тАО02-18-2011 12:01 AM

тАО02-18-2011 12:01 AM

Re: Wireshark Packets no VLAN

>>> port 48 is untag on Vlan1<<<


the monitoring port will not behave as a q-in-q trunk!
so vlan-tags will be stripped before any packet is sent out to the port on vlan1!

if you want your packets sent out tagged, you'll need to tag the port for each additional vlan you need to monitor.
0 Kudos
PEI_1
Advisor

тАО02-18-2011 02:26 AM

тАО02-18-2011 02:26 AM

Re: Wireshark Packets no VLAN

Thanks Jeff, I solved the problem today, the 2 links you provided is the key:

http://wiki.wireshark.org/CaptureSetup/VLAN
http://www.intel.com/support/network/sb/CS-005897.htm (My PC uses INTEL Nic)

I found the registry entry and added the DWORD, set it to value 1. Restart PC, Wireshark displayed 802.1q priority nicely.

I do not have to tag the monitoring port, also do not need to use a virtual Nic for my wireshark PC to connect to the monitoring port.

Another thing about monitoring port, the packets were sent to the monitoring port before they were sent to egress. As the packets were monitored before they were applied with VLAN priority, the packets priority was 0 on Wireshark. I have configured a VLAN priority on SW1.

I changed my monitoring port from SW1 to SW2, monitored on the connecting port on SW2. Ping from the PC attached to SW1 to the PC attached to SW2. I could see the packet priority set for the direction from SW1 to SW2. Can't remember the reply packet if still preserve the priority. As both connecting ports and ports attached to PCs are tagged with the same VLAN, I am expecting the reply packets from SW2 to SW1 would have the same VLAN priority.

Also turned on qos type-of-service diff-services, the default priority 7 for DSCP 46 appears nicely on incoming packets.


How do I trace my submitted questions on this forum?

Have a nice weekend.
Pei
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.