PVID Uses

I found some notes I made about pktmon, but never played much with it, since I am used to using Wireshark. I do wonder what, if anything, it would show. Maybe when I get some time I will try capturing with it.

I did find this about a packet capture utility, pktmon, built into Win10: Windows 10 quietly got a built-in network sniffer, how to use (Bleeping Computer article by Lawrence Abrams). After I knew what to look for, I found this Microsoft documentation: Packet Monitor (Pktmon), Pktmon command formatting, and pktmon start. The commands and the way it operates remind me of OpenVMS SDA extensions.

Start with the Bleeping Computer article. Read the comments too, which have links to other useful pktmon-related resources. Noteworthy: a link to Michael McDonnell’s https://github.com/cyberlibrarian/pktmon-quick-reference (PDF), and there was also a link to a recorded YouTube livestream, Technical Tuesday: NEW Windows 10 Packet Sniffer, by Michael McDonnell.

In fact, long ago I made a support call to 3com (that was a manufacturer of switches at the time) about an issue with their “port mirror” function.
I had noticed that when using that function to monitor traffic, it would incorrectly output a VLAN tag in some circumstances. I think that it output a VLAN tag with VLAN 1 for traffic on the monitored port in one direction, and no VLAN tag at all for traffic in the other direction, for traffic that was on VLAN 1 and was untagged on the monitored port.
I could easily observe the problem with my Linux system and sent them captures, but they were unable to reproduce it, using their Windows systems for capturing.
It made it very difficult to monitor traffic, as the software I used (I think tcpdump; it was before the Wireshark days) could not observe both directions as related to the same network. But it was never resolved because the 3com technicians simply could not see it. They even sent me a new switch (which of course behaved exactly the same)!

I normally run Wireshark on a PC, but often I am analyzing pcaps from other devices (like a Raspberry Pi). So perhaps my memory of seeing VLAN tags was from a capture from another device.
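The port-mirror symptom described above (one direction showing an 802.1Q tag for VLAN 1, the other direction untagged) can be checked mechanically against raw frames. The following is an added example, not code from the original post or from any tool mentioned in it; the MAC addresses and frames are constructed, and `vids_by_direction` / `mirror_asymmetry` are hypothetical helper names.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def make_frame(dst, src, vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP=0, DEI=0
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return src/dst MAC, the 802.1Q VID (None if untagged) and inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VID
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype,
            "payload": frame[offset:]}


def vids_by_direction(frames, monitored_mac):
    """Collect the VIDs seen in each direction relative to the monitored port."""
    seen = {"from_port": set(), "to_port": set()}
    for f in frames:
        p = parse_frame(f)
        side = "from_port" if p["src"] == monitored_mac else "to_port"
        seen[side].add(p["vid"])
    return seen


def mirror_asymmetry(seen):
    """True when one direction is only untagged while the other is only tagged."""
    a, b = seen["from_port"], seen["to_port"]
    untagged_only = lambda s: s == {None}
    tagged_only = lambda s: bool(s) and None not in s
    return (untagged_only(a) and tagged_only(b)) or (tagged_only(a) and untagged_only(b))


# Constructed mirror capture: the host on the monitored port is 00:11:22:33:44:55.
HOST, PEER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
CAPTURE = [
    make_frame(PEER, HOST, vid=1),  # host -> peer: mirror output carries a VLAN 1 tag
    make_frame(HOST, PEER),         # peer -> host: mirror output is untagged
    make_frame(PEER, HOST, vid=1),
]
```

Feeding real frames (for example, bytes pulled from a pcap) through `vids_by_direction` and `mirror_asymmetry` shows at a glance whether a mirror port is tagging one direction only.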

@buckeye

I did find this about a packet capture utility, pktmon, built into win10. Windows 10 quietly got a built-in network sniffer, how to use…

AFAIK, Packet Monitor was there since Windows NT 2000, the whole package along with the System Monitor, the Disk Monitor etc. in the Control Panel and GPO. It has plenty of switches to use for network-related monitoring.

tcpdump is the Unix/Linux native network analysis tool. Very handy with that -vv switch.

Then it was followed by Snort, using pcap/WinPcap for frame and packet copying or capturing, which later Wireshark and Dynamips or GNS3 use as well.

By the way, nice topic, but I think it’s a bit away from the original PVID topic.