Community discussions

MikroTik App
 
Josephny
Member
Member
Topic Author
Posts: 434
Joined: Tue Sep 20, 2022 12:11 am

VLAN packets in Wireshark?

Fri Oct 21, 2022 12:54 pm

I'm still struggling with VLANS as I've posted previously, but I thought this specific question might be better off as a separate post.

Running Wireshark on a Windows PC connected to port 3 of a CSS326.

Port 3 is in VLAN 10 and configured in STRICT mode with Default VLAN ID of 1 -- to use as an ACCESS type

Port 7 is in VLAN 10 and configured in STRICT mode with Default VLAN ID of 10 -- to use as a TRUNK type..

I got it to show the VLAN data (had to add a DWORD to Registry for NIC to NOT strip VLAN packets).

This is what is shows on wireshark:

848258 725.326229 Dell_be:55:84 Broadcast ARP 64 Who has 192.168.2.22? Tell 192.168.2.113

Frame 848258: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface \Device\NPF_{F3BC0773-0D22-48AB-B4CF-F90A5A606272}, id 0
Ethernet II, Src: Dell_be:55:84 (18:03:73:be:55:84), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 10
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 0000 1010 = ID: 10
Type: ARP (0x0806)
Padding: 0000000000000000000000000000
Trailer: 00000000
Address Resolution Protocol (request)

Seems 192.168.2.113 doesn't know how to reach 192.168.2.22
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: VLAN packets in Wireshark?

Sat Oct 22, 2022 12:57 am

To understand what's going on with this packet you need to understand basic networking.

Here is a video that will hopefully help you, if you still have questions please ask for clarification. (I didn't actually watch it myself)
https://youtu.be/cn8Zxh9bPio
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: VLAN packets in Wireshark?

Sat Oct 22, 2022 2:10 am

ARP broadcasts are perfectly normal.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: VLAN packets in Wireshark?

Sat Oct 22, 2022 4:00 am

Port 3 is in VLAN 10 and configured in STRICT mode with Default VLAN ID of 1 -- to use as an ACCESS type
Port 7 is in VLAN 10 and configured in STRICT mode with Default VLAN ID of 10 -- to use as a TRUNK type..
Seems 192.168.2.113 doesn't know how to reach 192.168.2.22
That's because as far as the ip stacks in the two PCs are concerned, they are not connected to the same LAN (broadcast domain).

Because the PCs are not vlan-aware, they ignore the tagged packets they receive, and send all packets without any vlan tag.

The SwOS "default VLAN ID" is the Port VLAN ID (pvid) and it is the vlan that the switch will classify an untagged packet that it receives from the "wire" on that port. It is what Cisco would call the native vlan, or the access vlans (depending on whether the port was a trunk port or an access port).

So the untagged packet received by the switch on port 3 is classified into vlan 1.
An untagged packet received by the switch on port 7 is classified into vlan 10.

vlan 1 and vlan 10 are separate broadcast domains. Thus the two PCs can't see packets from each other.

Please reference the material in this post.

Who is online

Users browsing this forum: No registered users and 8 guests