tcpdump/bpf and seeing .1q tags
Charles Swiger
cswiger at mac.com
Wed Mar 9 12:21:10 PST 2005
On Mar 9, 2005, at 2:22 PM, Charlie Schluting wrote:
> So with tcpdump -e it somehow magically sees vlan tags.. even if
> hardware stripping of the tags is enabled. How?
tcpdump normally puts the interface into promiscuous mode.
Perhaps retry using the '-p' flag?
> More importantly, I'm trying to figure out if a bpf read will see them
> as well. Any insight on this?
Yes, or it will if you use promisc mode and an appropriate BPF filter:
vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN
packet. If
[vlan_id] is specified, only true is the packet
has the
specified vlan_id. Note that the first vlan
keyword
encountered in expression changes the decoding
offsets
for the remainder of expression on the
assumption that
the packet is a VLAN packet.
--
-Chuck
More information about the freebsd-net
mailing list