This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable to capture untagged voice vlan packets on newer computers

0

Hi Guys,

Got a bit of a strange one with a IP phone using an untagged voice vlan and a untagged data vlan.

I am capturing the traffic through a 3750x for the following int:

source (IP Phone):
interface GigabitEthernet2/0/3
 description Mitel IP Phone
 switchport access vlan 108
 switchport voice vlan 107
 mls qos trust dscp

mirroring the port:

Session 1

Type                    Local Session
Source Ports           : 
    Both               : Gi2/0/3
Destination Ports      : Gi1/0/8
    Encapsulation      : Native
          Ingress      : Disabled

If i use laptop #1:

OS - win 7 x86
wireshark - 1.10.6 
win pcap 4.1.3 
NIC - intel (R) 82577LM

it works fine when i capture and filter:

ip.addr==ip phone ip

However as i need to capture a call at multiple locations, i need another machine with wireshark:

Laptop#2 :

OS - win 7 x64
wireshark - 1.12.4 
win pcap 4.1.3 
NIC - Broadcom NetXtreme Gigabit Ethernet

I'm unable to see any packets for the untagged voice vlan 107 even through im using the same syntax and same destination port and cable.

I have tried this on multiple different machines and it seems that anything relatively new doesnt work

Any help would be greatly appreciated, thank you

Rich

asked 17 Mar '15, 08:25

RJE's gravatar image

RJE
6114
accept rate: 0%

edited 17 Mar '15, 09:48


One Answer:

1

First of all, your configuration makes the switch forward the voice packets with a 802.1Q tag of 107. Have a look at http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_11_yj/configuration/guide/scg/swvoip.html:

switchport voice vlan vlan-id

Instruct the Cisco IP phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP phone forwards the voice traffic with an 802.1Q priority of 5.

Valid VLAN IDs are from 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1001 when the standard software image is installed. Do not enter leading zeros.

Whether vlan tagged frames are being discarded or forwarded with the vlan tags stripped or as is depends on the registry settings for the NIC driver. Have a look at https://wiki.wireshark.org/CaptureSetup/VLAN#Windows for more info on how to capture vlan tagged packets.

answered 17 Mar ‘15, 12:13

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thanks for the reply Syn-bit, trying out these fixes now

(18 Mar ‘15, 03:48) RJE