if i sniff all packets from my hEX (with the internal packet sniffer) with this simple configuration i see that the Mikrotik sent out packet with and without VLAN header (ICMP and TCP traffic from winbox) from 192.168.10.2/24:
All ports except ether2 are configured as trunk ports… What goes out a trunk port will have a Tag applied, and what comes in must have a Tag…
Your ether2 is an access port, so what goes out an access port will have its Tag removed…
An exception of the above are the hybrid ports, but those do not apply in your example, where you can have both Tagged and Untagged frames flowing through…
I understand but i mean that, for example, i am 192.168.10.1 and i am connected to the eth2 port (the access port), i ping 192.168.10.2 and i recevice the response, but from the packer sniffer i see multiple packet from 192.168.10.2 with and without the VLAN tag (VLAN 10), i expect that all packets are without tag or at least with default vlan 1
All untagged packets entering port ether2 will get a Tag applied with VLAN id=10… So your computer becomes a member of Vlan 10.
All packets leaving port ether2 that match VID=10 will have the Tag stripped…
I know how VLAN works, i want to understand how packet sniffer work in this context, see the attached images, there is multiple responses for the SAME ICMP request (ICMP request sent by my PC on eth2), one packet has vlan and the other don’t
If you run sniffer without setting filter-port property, then the very same packet will be captured multiple times, when ever it passes any of router’s ports/interfaces: ether2, bridge1, vlan-10, … sometimes it’ll be tagged, sometimes not, depending on port/interface configuration. Vlan interfaces will always show packets untagged. Bridge interface in your case will show it tagged. I’m not entirely sure about ether2 as I don’t know where sniffer captures frame, on the “wire side” of port (so frame will be untagged) or on the “bridge side” of port (so frame will be tagged).
