[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

tcpdump doesn't show VLAN IDs

tcpdump ion current Debian testing does not show the VLAN ID in 802.1q
tagged Ethernet frames.

I have observed this using two machines:
(A) Linux-2.4.34.4, almost everything compiled on my own from scratch
    tcpdump-3.9.5 and libpcap 0.9.5
(B) Debian testing, up to date, kernel 2.6.18-4-686, tcpdump 3.9.5 and
    libpcap 0.9.5.

I have configured VLAN 100 on both machines using vconfig add eth0 100, 
have set addresses 172.16.6.1/24 and 172.16.6.2/24 resp. to eth0.100
interfaces, and have set the interfaces up.  The VLAN works.

But if I run tcpdump on eth0 on the Debian machine, it doesn't show me
the VLAN ID.

On (A) I do

   ping -c1 172.16.6.2

and I run tcpdump on both machines on interface eth0:

host-A # tcpdump -ne -i eth0 -xx not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:55:48.128953 00:00:d1:9d:7b:a8 > 00:90:27:8f:dc:65, ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, 172.16.6.1 > 172.16.6.2: ICMP echo request, id 44817, seq 0, length 64
        0x0000:  0090 278f dc65 0000 d19d 7ba8 8100 0064
        0x0010:  0800 4500 0054 0000 4000 4001 d685 ac10
        0x0020:  0601 ac10 0602 0800 dd63 af11 0000 444f
        0x0030:  6546 d5f1 0100 0809 0a0b 0c0d 0e0f 1011
        0x0040:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021
        0x0050:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031
13:55:48.129669 00:90:27:8f:dc:65 > 00:00:d1:9d:7b:a8, ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, 172.16.6.2 > 172.16.6.1: ICMP echo reply, id 44817, seq 0, length 64
        0x0000:  0000 d19d 7ba8 0090 278f dc65 8100 0064
        0x0010:  0800 4500 0054 d656 0000 4001 402f ac10
        0x0020:  0602 ac10 0601 0000 e563 af11 0000 444f
        0x0030:  6546 d5f1 0100 0809 0a0b 0c0d 0e0f 1011
        0x0040:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021
        0x0050:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031

host-B (Debian) # tcpdump -ne -xx -i eth0 not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:55:48.127450 00:00:d1:9d:7b:a8 > 00:90:27:8f:dc:65, ethertype 802.1Q (0x8100), length 102: ethertype IPv4, 172.16.6.1 > 172.16.6.2: ICMP echo request, id 44817, seq 0, length 64
        0x0000:  0090 278f dc65 0000 d19d 7ba8 8100 0064
                                               ^^^^^^^^^
        0x0010:  0800 4500 0054 0000 4000 4001 d685 ac10
        0x0020:  0601 ac10 0602 0800 dd63 af11 0000 444f
        0x0030:  6546 d5f1 0100 0809 0a0b 0c0d 0e0f 1011
        0x0040:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021
        0x0050:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031
13:55:48.127546 00:90:27:8f:dc:65 > 00:00:d1:9d:7b:a8, ethertype 802.1Q (0x8100), length 102: ethertype IPv4, 172.16.6.2 > 172.16.6.1: ICMP echo reply, id 44817, seq 0, length 64
        0x0000:  0000 d19d 7ba8 0090 278f dc65 8100 0064
                                               ^^^^^^^^^
        0x0010:  0800 4500 0054 d656 0000 4001 402f ac10
        0x0020:  0602 ac10 0601 0000 e563 af11 0000 444f
        0x0030:  6546 d5f1 0100 0809 0a0b 0c0d 0e0f 1011
        0x0040:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021
        0x0050:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031

As you can see, the self-compiled tcpdump shows the VLAN tag, i.e.
"vlan 100, p 0" while the Debian version does not, although it sees
the complete ethernet frame header including the VLAN tag (marked
with ^^^^^^^^^ in the hexdump) and it shows that it is a VLAN tagged
frame.

Has Debian patched the tcpdump src or is this a bug?

urs
Reply to: