Date: Wed, 9 Mar 2005 15:21:06 -0500 From: Charles Swiger <cswiger@mac.com> To: Charlie Schluting <charlie@schluting.com> Cc: net@freebsd.org Subject: Re: tcpdump/bpf and seeing .1q tags Message-ID: <3aa4b0ab62a3d4855fdc62383a77b9d5@mac.com> In-Reply-To: <20050309111759.O97008@schluting.com> References: <20050309111759.O97008@schluting.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 9, 2005, at 2:22 PM, Charlie Schluting wrote:
> So with tcpdump -e it somehow magically sees vlan tags.. even if
> hardware stripping of the tags is enabled. How?
tcpdump normally puts the interface into promiscuous mode.
Perhaps retry using the '-p' flag?
> More importantly, I'm trying to figure out if a bpf read will see them
> as well. Any insight on this?
Yes, or it will if you use promisc mode and an appropriate BPF filter:
vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN
packet. If
[vlan_id] is specified, only true is the packet
has the
specified vlan_id. Note that the first vlan
keyword
encountered in expression changes the decoding
offsets
for the remainder of expression on the
assumption that
the packet is a VLAN packet.
--
-Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3aa4b0ab62a3d4855fdc62383a77b9d5>