wireshark and tcpdump monitoring of vlans on debian

I was troubleshooting some vlan issues today and was annoyed that when dumping eth0 (a trunk) I was not seeing the vlan headers for each packet. This makes it pretty difficult to tell which vlan the traffic is destined for, because I have to dump the vlan interface and the physical interface at the same time and use deduction.

I found this in the man page for vconfig which explains that Broadcom devices will strip vlan information:

VLAN will use Broadcom’s NICE interface when the network device supports it. This is necessary, since usually the hardware of these devices already removes the vlan tag from the ethernet packet. The set_flag option on vlan-devices created on such a physical network device will be ignored. Dumping the network-device will show only untagged (non-vlan) traffic, and dumping the vlan-devices will only show traffic intended for that vlan, without the tags.
