Wireshark · Ethereal-users: Re: WG: [Ethereal-users] Supported Networkcards

Ethereal-users: Re: WG: [Ethereal-users] Supported Networkcards

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 08 Sep 2004 21:23:12 -0700

Voss Michael wrote:

no packet is missing but in the captured packets we are not able to see the
IEEE802.1d (IEEE VLAN trunking).
We are monitoring on a Vlan trunk port of a cisco router. Attached i am sending
two screenshots


...where by "screenshots" you really mean "PowerPoint presentations".
Please don't send screenshots as PowerPoint presentations; it's also
wrong to send them as Word documents, but at least I might be able to
get AppleWorks on my machine at home to read them (but many others on
the list might have *no* tools to read them).  I don't have Office on
any of my machines, I don't have Keynote on any of my machines, the old
version of KOffice on one machine doesn't seem to do a good job of
reading Word documents or PowerPoint presentations, and the Word and
PowerPoint viewers I have are on a machine other than the one on which I
read mail.

The *best* way to send information such as this is would be to send the
capture files, or the relevant packets from them.  The second-best way
would be to send them as text, with "Export as Plain Text" or "Print to
file".  The third-best would be to send them as JPEGs or GIFs or perhaps
PNGs, if you *have* to send them as pictures.  Sending them as .bmps
isn't really "fourth-best", as it's not really "good", as many people on
the list might not have software that can read .bmp files.

of two traces that were both done in the same test point: one has the 802.1d
header (was done with another computer)and the other doesn't show it.


The capture on another computer was probably done on a "raw" Ethernet
device, rather than on a VLAN device.  It might be the case that, for at
least some network adapters, on Windows (as is the case on at least some
UN*Xes), on a machine connected to a VLAN there are two network device
objects - one that corresponds to the actual network adapter, and one
that corresponds to the connection to the VLAN.  The driver for the
network adapter captures raw Ethernet packets, with 802.1q VLAN headers;
packets for a VLAN will have the VLAN header removed and be delivered to
the "virtual" network device object for that VLAN.  For some other
adapters, the VLAN processing might be done entirely in the adapter, so
that only packets for the VLAN are delivered, and the VLAN header is
already stripped off.

If you capture on a device that supplies packets without the VLAN
header, you will obviously not see the VLAN header.  That's probably
what happened with the trace that doesn't show the 802.1q headers.

I don't know which adapters would have both "raw" and VLAN devices, if
any, and I don't know how you'd arrange to capture on the "raw" device,
if it's available.

Prev by Date: [Ethereal-users] OT general window manager question
Next by Date: [Ethereal-users] IP address resolution using /etc/hosts
Previous by thread: Re: [Ethereal-users] OT general window manager question
Next by thread: [Ethereal-users] IP address resolution using /etc/hosts
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$