Re: [Wireshark-users] Ethereal - how it reads data from NDIS driver
Maxim Bakushin wrote: > I have a WinXP SP2 machine with a NDIS driver installed. Application > running on this machine re-assembles VLAN-tagged Ethernet frames and > sends them to a router via L2 switch. > When I run Ethereal (0.99.0, WinPcap 3.1) on this machine, I can see > correct VLAN-tagged Ethernet frames sent to the destination, but when I > monitor (with Ethereal) the LAN between that machine and L2 switch - the > frames do not include the VLAN-tags. Its seems me strange. Whether you'll see VLAN tags or not on Windows depends on whether the network adapter is configured to be "on a VLAN" or not, and on various other things: http://wiki.wireshark.org/CaptureSetup/VLAN#head-81781716144f2855ab0aff2f8b752e95f2562efb > So, my question is - what is source of information for Ethereal on the > WinXP machine ? The source of information is WinPcap, which connects its transport-layer driver to NDIS. For details, ask the WinPcap developers, or see some of their papers, such as http://www.winpcap.org/docs/iscc01-wpcap.pdf linked to from the page at http://www.winpcap.org/devel.htm ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Ethereal - how it reads data from NDIS driver
Are you sure that the monitor port of the switch you use is configured to forward tagged frames? On 11/13/06, Maxim Bakushin <[EMAIL PROTECTED]> wrote: > > > Hi, all. > > I have a WinXP SP2 machine with a NDIS driver installed. Application running > on this machine re-assembles VLAN-tagged Ethernet frames and sends them to a > router via L2 switch. > When I run Ethereal (0.99.0, WinPcap 3.1) on this machine, I can see correct > VLAN-tagged Ethernet frames sent to the destination, but when I monitor > (with Ethereal) the LAN between that machine and L2 switch - the frames do > not include the VLAN-tags. Its seems me strange. > So, my question is - what is source of information for Ethereal on the WinXP > machine ? > Thanks in advance. > maximb > ** > The contents of this email and any attachments are confidential, and are > proprietary > of "Shiron Satellite Communication". It is intended for the named > recipient(s) only. > If you have received this email in error, please notify us immediately by > replying to > the message and deleting it from your computer. > Do not disclose the contents to anyone or make copies. > > ** > > ___ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] Ethereal - how it reads data from NDIS driver
Hi, all. I have a WinXP SP2 machine with a NDIS driver installed. Application running on this machine re-assembles VLAN-tagged Ethernet frames and sends them to a router via L2 switch. When I run Ethereal (0.99.0, WinPcap 3.1) on this machine, I can see correct VLAN-tagged Ethernet frames sent to the destination, but when I monitor (with Ethereal) the LAN between that machine and L2 switch - the frames do not include the VLAN-tags. Its seems me strange. So, my question is - what is source of information for Ethereal on the WinXP machine ? Thanks in advance. maximb ** The contents of this email and any attachments are confidential, and are proprietary of "Shiron Satellite Communication". It is intended for the named recipient(s) only. If you have received this email in error, please notify us immediately by replying to the message and deleting it from your computer. Do not disclose the contents to anyone or make copies. **___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
