Only certain NICs let you capture the VLAN ID and 802.1Q
information. In this post I will show the steps needed, on Microsoft
Windows, to capture this information using an Intel NIC.
The driver strips the tags from incoming frames; however,
a registry change makes the tags visible in a capture.
The registry value name depends on the NIC driver:

| Adapter Driver | Registry Value |
|---|---|
| e1g, e1e, e1y | MonitorModeEnabled |
| e1c, e1d, e1k, e1q, e1r, ixe, ixn, ixt | MonitorMode |

My NIC model is an 82567LM Gigabit card. To find the
adapter driver, go to:
Start->Control Panel->Network and Sharing Center
Click on Change adapter settings on the left
Right click on the relevant NIC and choose properties
Click Configure
Choose the Driver tab
Click on Driver Details
The Driver Details window shows that my NIC driver is e1y,
so for this NIC I have to use the MonitorModeEnabled registry value.
Now open the registry editor (Start->Run->regedit) and
go to:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
Find your NIC folder by looking at the DriverDesc value:
In my case it was 007. Right click on this folder and
choose New->DWORD (32-bit) value:
Value name: MonitorModeEnabled
Value data: 1 (Hexadecimal)
The value can be either:
0 - Disabled (do not store bad packets, do not store CRCs, strip 802.1Q VLAN tags)
1 - Enabled (store bad packets, store CRCs, do not strip 802.1Q VLAN tags)
Now reboot your machine for the changes to take effect,
then start Wireshark and start capturing tags!
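
The registry steps above as a PowerShell script, run from an elevated prompt. This is an added example and not part of the original post; the parameter names (`-DriverDesc`, `-DriverPrefix`, `-Value`) are assumptions chosen for illustration, and the driver prefix is the one you read from the Driver Details window.

```powershell
# Added example (not from the original post): set the Intel monitor-mode value
# for one adapter, chosen by its DriverDesc string. Requires administrator rights.
param(
    [Parameter(Mandatory)] [string] $DriverDesc,    # exact DriverDesc text seen in regedit
    [Parameter(Mandatory)] [string] $DriverPrefix,  # e.g. e1y, as read from Driver Details
    [ValidateSet(0, 1)] [int] $Value = 1            # 1 = keep tags, 0 = strip tags
)

# Driver prefix -> registry value name, taken from the table in the post.
$valueNames = @{}
'e1g', 'e1e', 'e1y' | ForEach-Object { $valueNames[$_] = 'MonitorModeEnabled' }
'e1c', 'e1d', 'e1k', 'e1q', 'e1r', 'ixe', 'ixn', 'ixt' |
    ForEach-Object { $valueNames[$_] = 'MonitorMode' }

$name = $valueNames[$DriverPrefix.ToLower()]
if (-not $name) {
    throw "Driver prefix '$DriverPrefix' is not in the table; no value name is known for it."
}

# Network adapter class key, same path the post navigates to in regedit.
$classKey = 'HKLM:\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

# Only the numbered adapter subkeys are of interest; other subkeys may deny access.
$adapterKeys = @(
    Get-ChildItem -Path $classKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+$' } |
        Where-Object {
            $p = Get-ItemProperty -Path $_.PSPath -Name DriverDesc -ErrorAction SilentlyContinue
            $p -and $p.DriverDesc -eq $DriverDesc
        }
)

# Refuse to guess when several ports share one description or nothing matches.
if ($adapterKeys.Count -ne 1) {
    throw "Expected exactly one adapter with DriverDesc '$DriverDesc', found $($adapterKeys.Count)."
}

$key    = $adapterKeys[0].PSPath
$before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

# Create the DWORD, or overwrite it if it already exists.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force | Out-Null

$after = (Get-ItemProperty -Path $key -Name $name).$name
"{0}: {1} was '{2}', now {3}. Reboot for the change to take effect." -f `
    $adapterKeys[0].PSChildName, $name, $before, $after
```

Running it again with `-Value 0` once the capture is done returns the adapter to stripping tags and discarding bad packets and CRCs.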
Resources:
http://www.intel.com/support/network/sb/CS-005897.htm
http://dot1x.blogspot.co.il/2010/03/sniffing-dot1q-tags-with-wireshark.html