Hi All,

As the title says: how to capture VLAN tags on the trunk/tagged port with Wireshark. Is it possible? Let's say I do have a switchport configured listening on the "tags" 10, 20, 30 (a trunk port, really). A hacker connects with a PC to this port, running Wireshark. What info will the hacker be able to see?

Thank you, Mykhaylo

asked 11 Apr '17, 03:37 Myky, edited 11 Apr '17, 03:38
One Answer:
If the packets leaving the switch on that port have the 802.1Q tag (which they should, as you said it's a trunk port) then yes, you can see them. But since no real traffic destination resides at the port, only a few packets will be sent using that port. Mostly it'll be broadcast and multicast traffic, but if you worry about VLAN tags: yes, the "hacker" can see them (assuming a compatible NIC is used for the capture).

answered 11 Apr '17, 03:44 Jasper ♦♦, edited 11 Apr '17, 13:38 Guy Harris ♦♦
Hello Jasper,
Appreciate your response. So the idea is to understand the case where I have a switch port configured for an Access Point where the management VLAN is also tagged by the AP (apart from the different SSID VLANs). So let's say SSID1=10, SSID2=20 and MGMT VLAN=30. The switchport is configured as a trunk to accept the 10, 20 and 30 VLAN tags. So the hacker removes the AP and plugs in his PC, fires up Wireshark, and all VLAN tags are visible. Is that correct?
Thank you, Mykhaylo
Yes, that's correct, but not really "hacking" - it's a physical security issue :-)
Yep, I do agree :0 Thanks!
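
An added example, not part of the original thread: a Python parser that extracts the 802.1Q tag fields (PCP, DEI, VLAN ID) from raw Ethernet frames, as one would to audit which VLAN IDs a trunk port exposes to whatever is plugged into it. The sample frames and the names `parse_vlan_tags` and `vlan_summary` are constructed for illustration, and it assumes the capturing NIC/driver left the tags in the frames.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100   # 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (outer tag in QinQ)

def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype); tags are dicts, outermost tag first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # 16-bit TCI (PCP:3, DEI:1, VID:12) followed by the next EtherType
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = inner
    return tags, ethertype

def vlan_summary(frames):
    """Count frames per outermost VLAN ID; None means untagged."""
    seen = Counter()
    for frame in frames:
        tags, _ = parse_vlan_tags(frame)
        seen[tags[0]["vid"] if tags else None] += 1
    return seen

def _frame(vid=None, pcp=0, ethertype=0x0800):
    """Build a constructed broadcast frame, optionally 802.1Q-tagged."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample: VLANs 10, 20, 30 from the question plus one untagged frame
SAMPLE_FRAMES = [_frame(10, ethertype=0x0806), _frame(20),
                 _frame(30, pcp=6), _frame(10), _frame()]

if __name__ == "__main__":
    for vid, count in vlan_summary(SAMPLE_FRAMES).items():
        print("untagged" if vid is None else f"VLAN {vid}", count)
```
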