Could you please tell me how to configure Ethernet card for capturing vlan tag packet with wireshark? My ethernet card is the "Realtek PCIe GBE Family Controller" in WINDOWS 7. I have download the latest drivers and the utility software. with the utility network software i have te possibility to set vlan id in the port but the wireshark isn't able to capture vlan id (I Send ethernet frames with 1518 bytes packet size and the wireshark captures 1514 bytes. the 4 bytes for vlan tagging don't appear). thanks asked 31 Aug '11, 06:38 akalavri edited 31 Aug '11, 06:40 |
3 Answers:
The "Realtek PCIe GBE Family Controller" NIC can be configured to not strip the vlan tags, by going to the Adapter Settings and setting "Priority & VLAN" to "Priority & VLAN disabled". All the other values for this option will make the driver delete the VLAN tags from the frame. answered 31 Aug '11, 10:25 SYN-bit ♦♦ I disabled the setting "Priority & VLAN" and the Wireshark is able to capture the Vlan ID. Thanks for the answers! (04 Sep '11, 02:23) akalavri I changed your answer to a comment to keep the nature of Q&A going. You might want to accept SYNbits answer by using the checkmark button to the left to mark it as accepted. (04 Sep '11, 02:59) Jasper ♦♦ This Q&A saved my life. Just goes to show the internet can solve just about anything if you know what question to ask. Thank you people of the internet :-) So... yeah, I was having difficulty getting anything to fly on my realtek adapaters to between my router/switch lab. I could never figure out if the "VLAN & Priority" was supposed to be disabled or enabled so I figured enabled would allow VLAN traffic to pass and the only other comments on it said, "if you have VLAN & Priority in the adpater settings then it supports VLAN tagging..." ugh... thank you again. I buy you shots of your choice :-) (16 Apr '15, 21:57) Iz Lo |
The Realtek cards I have usually allow capturing of VLAN tags without any problems, and it shouldn't be necessary to set any VLAN id on the capture card itself. If you're saying you're only getting 1514 bytes I'd guess it's an untagged frame without the FCS (Ethernet checksum), not the VLAN header - which would mean, you can't capture VLAN tags because there weren't any. If you're capturing on a SPAN port you probably have to tell the switch to include VLAN tags in the spanned data (on Cisco devices you can do that by telling it to include the "encapsulation dot1q" when creating the span session). Otherwise the switch will strip the VLAN header before copying it to the SPAN output port. answered 31 Aug '11, 06:45 Jasper ♦♦ edited 31 Aug '11, 06:46 |
I wasn't able to get this to work properly just changing the "Priority & Vlan" setting. After 2 days of exploring and various google searches I found this topic. If changing that setting alone doesn't work for you: 1: Update your realtek drivers 2: The key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E972-E325-11CE-BFC1-08002BE10318}\00nn needs to have 4 values. '00nn' is the specific key that has the information for the adapter you intend on capturing on. Add or edit the following DWORDs
Restart your computer, make sure there's no firewall preventing wireshark from seeing the nolonger vlan tagged packets, and you should be good to go. answered 01 Jun '16, 08:48 Darinth Thanks, this has really worked! (02 Jun '16, 09:35) Josemi Thanks Darinth it worked, I just modified the MonitorModeEnabled, it was in 0. The *PriorityVLANTag was already in 0. I didn't add MonitorMode neither add SkDisableVlanStrip. I modified the "Priority & VLAN" settings and set to "Priority & VLAN disabled" but it didn't work. (27 Jan '17, 07:15) Adan Ortiz |
Hello,
I have the same "Realtek PCIe GBE Family Controller" in Windows 7 Home Premium, driver 7.67.1226.2012. I have disabled the setting "Priority & VLAN" and the Wireshark is NOT able to capture the Vlan ID. Thanks for the answers!