2 Replies Latest reply on Apr 7, 2011 7:57 AM by

    Sniffing VLAN tag on 82577LM NIC

    enonogi

      Hello everyone,

       

      I just got new notebook with Intel 82577LM NIC. When I sniff trunk port Wireshark does not show me VLAN tag.

       

      I found this article http://www.intel.com/support/network/sb/cs-005897.htm, but my registry does not contain neither of DWORDs. I also tried to add them but it did not help much. I am running the latest 11.8.75.0 drivers.

       

      VLAN sniffing capability is crucial for me, so any info on how to trick the diver not to strip VLAN would be verrry welcome.

       

      Thanks for you help in advance.

        • 1. Re: Sniffing VLAN tag on 82577LM NIC

          I am looking for the same thing.  Has there been any progress on this issue?

          • 2. Re: Sniffing VLAN tag on 82577LM NIC

            The changes in the registry did work for me -- I had (of course) to do them in the CurrentControlSet, not ControlSet001.

            I just added both DWORDs (MonitorMode and MonitorModeEnabled) and set them to 1 (0x01).

            Registry Path: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001"

            Maybe you have to use a different last "directory" and not 0001. You can check that with the key "DriverDesc" there, the correct one should be "Intel(R) 82577LM Gigabit Network Connection".

            After a reboot it worked, but only for sniffing. I could not use that interface for data connection after that -- before that was possible (has probably to do whether the tags are added by the OS or not).

            I used the latest driver version 11.10.86.0, date 2011/02/10 with Windows XP

             

            But I have a problem myself:

            I have also installed OpenSUSE 11.4 (dual boot), and with linux I can use tags (modprobe 8021q; vconfig add eth0 10; ifconfig eth.10 <IP>) but

            when trying to sniffer with tcpdump or wireshark the module crashes (still don't know whether the e1000e or 8021q module is the culprit). Linux is still working, but most (all?) tools that access the network stack won't work anymore. A simple "vconfig del eth0.10" fails and produces the same behaviour.

            A reboot is not possible, i have to switch off the notebook.

            I used two different versions of e1000e, 1.2.7-k2 and 1.3.10a, both the same effect.