This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Find VLAN IDs

0

Hi,

We have been attempting to find the VLAN IDs without success. We've found some steps in other forums but seem to be missing one somewhere along the line. Can someone provide a step-by-step on how to find these using Wireshark?

Thanks.

asked 15 Sep '16, 15:32

SiO2yH2o

What is your OS and which version and what is your Wireshark version?

(15 Sep '16, 15:51) Jaap ♦

We have tried several different machines with different Windows OSes. Most recently we are using a Lenovo T61 running Windows 8.1. The Wireshark version is 2.2.0.

(16 Sep '16, 15:21) SiO2yH2o

One Answer:

0

Hello,

If I understood the issue correctly, it depends on where you are trying to capture the traffic. If you are connected to an access switchport, you won't be able to see the VLAN tag; the traffic is not encapsulated. Try setting up a SPAN/RSPAN port and mirroring the traffic from a trunk switchport, and there you will see the whole 802.1Q header.

answered 15 Sep '16, 23:03

panai

We'll give it a shot. Thanks.

(16 Sep '16, 10:07) SiO2yH2o

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(16 Sep '16, 12:10) Jaap ♦

The reason why @Jaap was asking what OS you use was that most network card drivers on Windows strip the VLAN tags off the incoming frames before handing them over to the capturing filter of WinPcap or NPcap, even if they let VLAN-tagged frames in. So even if you have a monitoring port of a switch which sends you mirrored traffic of a source port through which tagged packets flow, you may not see the tags if capturing on Windows. On most Linux drivers this is not a problem. I have no experience on OS X.

(16 Sep '16, 13:39) sindy

Thanks, Sindy, that would make sense as to why we can't see the ID. Any suggestions?

(16 Sep '16, 15:22) SiO2yH2o
(16 Sep '16, 15:57) Christian_R
(16 Sep '16, 19:55) Jaap ♦

Much appreciated.

(19 Sep '16, 10:05) SiO2yH2o
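
What the thread describes, as an added example that is not part of the original posts: a frame mirrored from a trunk port carries a 4-byte 802.1Q tag between the source MAC and the EtherType, while a frame seen on an access port, or after a NIC driver has stripped the tag, does not. The frames below are constructed sample bytes, and the function names are this example's own; it also handles stacked (802.1ad) tags, which goes beyond the single-tag case discussed above.

```python
import struct

# Tag protocol identifiers that announce a VLAN tag after the MAC addresses.
TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}

def vlan_tags(frame: bytes):
    """Return (tags, ethertype); tags lists each VLAN tag, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12                      # skip dst MAC (6) + src MAC (6)
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:            # TPID + TCI + next EtherType
            raise ValueError("truncated VLAN tag")
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"type": TPIDS[ethertype], "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4                            # one tag is 4 bytes long
        ethertype = inner
    return tags, ethertype

def describe(frame: bytes) -> str:
    tags, ethertype = vlan_tags(frame)
    ids = " > ".join(f"{t['type']} VID {t['vid']}" for t in tags) or "untagged"
    return f"{ids}, EtherType 0x{ethertype:04x}"

# --- Constructed sample frames (not captured traffic) ---
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")

def tag(tpid: int, vid: int, pcp: int = 0) -> bytes:
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def build(tag_bytes: bytes = b"", ethertype: int = 0x0800) -> bytes:
    return DST + SRC + tag_bytes + struct.pack("!H", ethertype) + bytes(46)

UNTAGGED = build()                                   # access port / tag stripped
TAGGED = build(tag(0x8100, 100, pcp=5))              # mirrored from a trunk port
QINQ = build(tag(0x88A8, 200) + tag(0x8100, 30))     # stacked tags

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("qinq", QINQ)):
        print(f"{name:9s} {describe(frame)}")
```

If every frame in a capture taken on a mirrored trunk port comes out as untagged, the tag was removed before the capture library saw it, which matches the Windows driver behaviour described in the comments.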