Wireshark mailing list archives

Re: Extracting outer MAC Address

From: Sake Blok <sake () euronet nl>
Date: Mon, 19 Jan 2015 15:07:57 +0100

Souds like https://tools.ietf.org/html/rfc3378 :-)

It would be nice to have an example file in the capture menagerie, If you can reply with a little capture file without 
any sensitive information in it, that would be nice :-)

Cheers,
Sake


On 19 jan 2015, at 07:58, Rayne wrote:

I see 2 full Ethernet headers in Wireshark - Ethernet with Source/Dest MAC address, IPv4, EtherIP Version 4, Ethernet 
with Source/Dest address, 802.1Q VLAN, IP.

Wireshark can dissect it.

From: Guy Harris <guy () alum mit edu>
To: Rayne <hjazz6 () ymail com>; Community support list for Wireshark <wireshark-users () wireshark org> 
Sent: Monday, January 19, 2015 2:52 PM
Subject: Re: [Wireshark-users] Extracting outer MAC Address

On Jan 18, 2015, at 10:00 PM, Rayne <hjazz6 () ymail com> wrote:

Hi all,

I have vlan packets that contain 2 Ethernet headers,



I.e., you have some form of VLAN other than an IEEE VLAN?

*IEEE* VLANs do not have two full Ethernet headers; they have a regular Ethernet header, with a destination address, 
a source address, and a type/length field, with the type/length field having a type value such as 0x8100 or 0x9100.  
That's followed by a VLAN header with a priority code point, drop eligible indicator, VLAN ID, and type field.

What sort of VLAN is this?  Can Wireshark dissect it?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Extracting outer MAC Address Rayne (Jan 18)
- Re: Extracting outer MAC Address Guy Harris (Jan 18)
  - Re: Extracting outer MAC Address Rayne (Jan 18)
    - Re: Extracting outer MAC Address Jim Young (Jan 18)
    - Re: Extracting outer MAC Address Rayne (Jan 19)
    - Re: Extracting outer MAC Address Sake Blok (Jan 19)
    - Re: Extracting outer MAC Address Rayne (Jan 19)
    - Re: Extracting outer MAC Address Rayne (Jan 19)
    - Re: Extracting outer MAC Address Evan Huus (Jan 20)
    - Re: Extracting outer MAC Address Sake Blok (Jan 19)