This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture vlan

0

I trying to capture what Vlan certain ports are configured for on my switch. Can wireshark do this? If so how do I set it up?

asked 09 Mar '11, 07:38

theman's gravatar image

theman
1111
accept rate: 0%


2 Answers:

1

I would go for the password recovery procedure as that will give you 100% certainty. If you want to deduct the vlan configuration of the switch you might be in luck by the packets it's sending.

  • The easiest would be to monitor the broadcast traffic on each port (especially the arp requests) and map the source ip addresses to your vlans.
  • If CDP or similar protocol is enabled on the switch, it will tell you the "Native Vlan ID" for the port on which the CDP packet was sent.
  • If Spanning-Tree is configured on the ports, depending on version of the protocol used, it may show you the vlan ID in the "Bridge System ID Extension" field.

answered 09 Mar '11, 09:00

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

0

You might be able to capture VLAN tags but only if you capture on a switch trunk port by introducing a hub/tap, or by mirroring it to the analyzer port including the VLAN tags (which otherwise might be stripped).

On the other hand: if you want to have a list of which ports are configured with which VLANs you should dump a switch port statistic on the switch itself.

answered 09 Mar '11, 07:43

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Ok, the problem is I can not access the switch config. The company lost the password. So I'm trying to configure a new switch for the network. It's multiple switches on the network and they are using the same vlan config. So I thought I could use wireshark to sniff the vlan config for each port. I'm very new at network sniffing

(09 Mar '11, 07:51) theman

Ok, I see. Can you access ANY of the switches, or do they all have the same password nobody knows about? Maybe you can find one where you can login and determine the VLAN config for the new switch?

What you can do is use Wireshark on each port by inserting a hub or (even better) a small switch with integrated monitor port (like the Dual-Comm DCSW-1005). That way you can see if there are any visible VLAN tags - if not you don't have a trunk port, otherwise you can see what VLANs are in use on that trunk.

(09 Mar '11, 08:18) Jasper ♦♦

Ok, I will try. Also, I talked with the switch manufacture and they provided me with a back door access. Hope it work thanks Jasper

(09 Mar '11, 08:43) theman