This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

make Wireshark analysis vlan aware

2

I've often the problem, that I have the same traffic flow on diffrent vlans but in the same capture file. Than you get a lot of errors from the analysis engine that you have duplicate packets etc.

Is there a way to configure Wireshark to treat the same flow on diffrent vlans as diffrent flows in the analysis?

I know that I can split up the capture file in several smaller files filtered by vlan. This would solve the problem, but that's not what I want to do ;-)

asked 13 Sep '10, 17:49

Oliver's gravatar image

Oliver
91116
accept rate: 0%


2 Answers:

2

There is already an enhancement request for this feature filed at bugzilla. There are more situations than just multiple vlans. However, I suspect the vlan case to be the most seen in the field (well, at least in the networks where I do troubleshooting), so fixing it first for vlan tagging only might be justified IMHO :-)

answered 15 Sep '10, 12:29

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

1

There is currently no configuration option to support that. The code would have to be changed so that:

  1. The VLAN ID is stored with the packet info,
  2. The re-assembly and analysis functions in the dissectors use this ID as a key to search for and process conversation and packet data.

answered 14 Sep '10, 03:41

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%