There are some other ways to get around this on Windows. One is if your NIC supports VLAN capabilities (Intel ANS for instance) that can be exposed to Wireshark. I also eventually (and I mean, eventually) found a way to get my laptop + usb to gbe adaptor, to show vlan tags in Windows+Wireshark when capturing off a SPAN port. It might be chipset/driver specific, but in my case, actually disabling .Q/Vlans in the windows driver setting, seems to let it operate in some sort of raw mode which passed the vlan tagging off the port straight through to wireshark for display. Still, the old physical tap as shown here is a rock solid approach.
Network taps are sometimes convenient, but never required. There is no switch that supports VLANS that doesn't support port mirroring that I'm aware of. And they all support trunk ports. Beyond the scope of this comment, but Windows does support capturing tags for many adapters. It depends on the driver you have installed. I would say network taps are tools to make things easier or for when you don't have access to the switch to make config changes.
Hmm don't think windows is to blame... I have captured vlan traffic fine on windows / wireshark... I've had had to go into the adaptor setting and enable vlans but then it's fine... I think it's more likely dependant on the nic
thank you! I was pulling my hair out for 2 days with windows and wireshark proving vlan tags on IP phones. Gonna get a linux laptop!. But CAN it be done with windows if you change windows PC nic to the vlan your wanting to capture/prove ???
hope you'll find this interesting For wifi, unify products have a good price/quality ratio especially with the free management solution. For switches I did =cisco for 7 years but got very impressed by juniper switch line : + junOS (freebsd based) is constant on all their devices including firewall, so what you learn is applicable to their whole line of products and you have all standard *nix tools available + configuration is indented and very clear to read, to understand at first look, almost no "invible defaults" in the configuration, you can be several admin modifying the conf at the same time (you just have to "block" the section you are working on) + you never work on the running configuration but on a candidate conf : you can do commit+rollback if you didn't confirm anything for 1min, you have the history of all commits, you can see diff between conf/commits + physically some models have lcd screens = no label needed anymore, all models have power cable retention cables, hotplug redundant power supplies, fans that can blow front to back or reversely (mandatory in datacenter)... I faced 2 problems - you must subscribe their support to keep getting updates...in 2019 this practice should just be forbidden... - the management/out of band port was sharing the same forwarding table as the rest of the switch and I could not get it really separated without VRF = expensive "extended" license...never found a solution to that
@@davidstievenard6313 Thanks for the insight. I've been using Unifi for years but got annoyed by hardware failure and the cloud key bricking. Believe it or not I switched myself and my family over to Google WiFi and it works great. Most impressed with the management system. With a press of the button you can test WiFi speed from the AP to the device which I find useful. I forget how it does this tho? Blasts some kind of packet type any device can respond to? I know it isn't ping. Anyhow I'll have to look into Juniper switches. I tossed all my Netgear hardware in the trash.
bit late to the party-I'm guessing using a MacBook, as its built on linux-it should see all VLAN info? Or does that depend on the crappy USB adaptor you use as well :-)
I'd probably agree with you at a guess, but I'd have to dig out my old Macbook that actually has an Ethernet port on it to check. I'm tippin' it would, as you say.
in the configuration of your NIC search for "packet priority & VLAN" and set it to "packet priority & VLAN disabled". After that you will be able to see all the VLANs in Wireshark
you can set you nic properties to form an access port to a trunk ., goto you nic's config ., look for advance ., in the property ., look for "priority & VLANs - drop-down box disable that option
Geezus! No wonder I never could figure out VLANs and if the were working! Great to know!
I was wondering if there was something wrong with my setup.
Thanks for demonstrating that Windows-Wireshark problem and also thanks for the video!
There are some other ways to get around this on Windows. One is if your NIC supports VLAN capabilities (Intel ANS for instance) that can be exposed to Wireshark. I also eventually (and I mean, eventually) found a way to get my laptop + usb to gbe adaptor, to show vlan tags in Windows+Wireshark when capturing off a SPAN port. It might be chipset/driver specific, but in my case, actually disabling .Q/Vlans in the windows driver setting, seems to let it operate in some sort of raw mode which passed the vlan tagging off the port straight through to wireshark for display.
Still, the old physical tap as shown here is a rock solid approach.
Mate that was the best short description/video on this issue, took me a long time to figure out what you explained simply in 5mins, Thank you!
Network taps are sometimes convenient, but never required. There is no switch that supports VLANS that doesn't support port mirroring that I'm aware of. And they all support trunk ports. Beyond the scope of this comment, but Windows does support capturing tags for many adapters. It depends on the driver you have installed.
I would say network taps are tools to make things easier or for when you don't have access to the switch to make config changes.
Mirror trunk port it show you tagged and untagged at same place ...or only untagged then mirror vlan port it shows you tagged only
Hmm don't think windows is to blame... I have captured vlan traffic fine on windows / wireshark... I've had had to go into the adaptor setting and enable vlans but then it's fine... I think it's more likely dependant on the nic
That's an awesome tip, did not know that.
Glad you like it. Sure there are ways to mess around with WIndows to get it to work, but generally it doesn't. Just stick with Linux :)
thank you! I was pulling my hair out for 2 days with windows and wireshark proving vlan tags on IP phones. Gonna get a linux laptop!. But CAN it be done with windows if you change windows PC nic to the vlan your wanting to capture/prove ???
What is your favorite switch and access point brand?
hope you'll find this interesting
For wifi, unify products have a good price/quality ratio especially with the free management solution.
For switches I did =cisco for 7 years but got very impressed by juniper switch line :
+ junOS (freebsd based) is constant on all their devices including firewall, so what you learn is applicable to their whole line of products and you have all standard *nix tools available
+ configuration is indented and very clear to read, to understand at first look, almost no "invible defaults" in the configuration, you can be several admin modifying the conf at the same time (you just have to "block" the section you are working on)
+ you never work on the running configuration but on a candidate conf : you can do commit+rollback if you didn't confirm anything for 1min, you have the history of all commits, you can see diff between conf/commits
+ physically some models have lcd screens = no label needed anymore, all models have power cable retention cables, hotplug redundant power supplies, fans that can blow front to back or reversely (mandatory in datacenter)...
I faced 2 problems
- you must subscribe their support to keep getting updates...in 2019 this practice should just be forbidden...
- the management/out of band port was sharing the same forwarding table as the rest of the switch and I could not get it really separated without VRF = expensive "extended" license...never found a solution to that
@@davidstievenard6313 Thanks for the insight. I've been using Unifi for years but got annoyed by hardware failure and the cloud key bricking. Believe it or not I switched myself and my family over to Google WiFi and it works great. Most impressed with the management system. With a press of the button you can test WiFi speed from the AP to the device which I find useful. I forget how it does this tho? Blasts some kind of packet type any device can respond to? I know it isn't ping. Anyhow I'll have to look into Juniper switches. I tossed all my Netgear hardware in the trash.
Thanks mate - helped me out a lot!
I'm glad someone else still does this shit!
bit late to the party-I'm guessing using a MacBook, as its built on linux-it should see all VLAN info? Or does that depend on the crappy USB adaptor you use as well :-)
I'd probably agree with you at a guess, but I'd have to dig out my old Macbook that actually has an Ethernet port on it to check. I'm tippin' it would, as you say.
So why is it that wireshark on windows won't show the tag?
Good question and I'm wondering the same. Was your question ever answered?
Anyway around the Windows inability to receive VLAN tags? and even with your wiretap it does not show VLAN tags?
Yeah, use Linux.
in the configuration of your NIC search for "packet priority & VLAN" and set it to "packet priority & VLAN disabled". After that you will be able to see all the VLANs in Wireshark
Need to get me one of those wiretap ma-bobbies, would save so much time...
Thanks for reminding me. I just put the link in the description.
Hey man, are you sure you have enough monitors ?
I'll answer that for you: "you can never have enough"
I have too many. Time for some to go.
Thank you
want to capture VLAN_ID go change OS
your wrong with windows you see other vlans ., fist of all ., you need to set the port to a trunk port as your source and any port for your dest
Steve Smith Could you explain further?
@@scotthannan8669 which part ? all switch port is in access port ., only one VLAN ., while a trunk port can see all vlan's
you can only see your traffic and multicast packets
there are many videos's on this subject
you can set you nic properties to form an access port to a trunk ., goto you nic's config ., look for advance ., in the property ., look for "priority & VLANs - drop-down box disable that option