I'm running Linux Mint Qiana and have two options for ethernet interfaces:
It doesn't appear that the 802.1Q header is visible in the received frames, even for TCP packets for a video stream (at least for the default setup of wireshark that I'm using). I imagine that this either because the frames aren't being sent with a specific 802.1Q inserted or because this portion of the header is stripped before being sent to the final desitnation (or simply because my network card is performing that functionality). There must be some way to create a setup in which the 802.1Q header can be viewed though, as the 802.11e[1] priority differentiation depends on the value of the priority code point of the header. I need to be able to act on this priority for testing purposes, so does anyone have any ideas how I might make such a setup? asked 27 Jul '15, 10:31  cancub |
One Answer:
VLAN tags are removed by the switch before delivering to the end device. To view VLAN tags, you will need to be able to view frames as they traverse the switch. Please the below wiki page: https://wiki.wireshark.org/CaptureSetup/Ethernet NOTES:
If you try one of the configurations in the wiki and still have issues, I would recommend opening a new question with more specific information. answered 27 Jul '15, 10:41  Amato_C |
Assuming this is always the case, how do 802.11 access points determine which traffic class an incoming packet belongs to?
That is a switch configuration. And of course, different switches have different configurations. But the idea is to create the VLANs in the switch. Then on the port connected to the AP, you must configure the VLANs that will be used by the access point. On the access point, the VLANs must also be configured and usually assigned to separate networks.
It is important to note the VLANs must be created throughout your entire switch networks. So if you have inter-connecting switches, you will need to configure VLAN trunks to ensure the VLANs travel across the network.
It is important to note that the AP's are layer 2 devices and will remove the VLAN tags before sending the data to the end client (i.e., wireless client). So if you are looking for VLAN tags, you need to perform the capture at the wired Ethernet interface from the switch (i.e., the interface between the AP and the wired switch).
Ah, I think I understand now. Thank you very much for your detailed response. So there's no way to configure switches to forward frames without removing VLAN tags?
Depends what port you are talking about.
Port(s) used to connect switches = these are VLAN trunks and the switch will not remove the VLAN tags.
Port going to an access point = VLAN tags will not be removed. This assumes the AP is configured with VLANs
Port connecting to an end client = switch will automatically remove the VLAN tag
So assuming you have a VLAN trunk, you could perform a wired capture and see the VLAN tags. Or if you AP allows, you could perform a capture on the wired interface and see the VLAN tags.
But if your intention is to capture VLAN tags going to an end client (i.e., switch port connects directly to a PC host), then the answer is no.