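A while back I ran into the "VLAN tags are not displayed" problem and forced a capture using a very old NIC, but this time I don't have that card on hand, so I looked into whether something could be done about it.
I then found the relevant article on the Wireshark Wiki.
<Excerpt of the Windows section>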
Intel
Some Intel Ethernet adapters and their drivers will, by default, strip VLAN tags when processing packets or strip tagged packets completely. If you want to see the VLAN tags when capturing on one of those adapters in promiscuous mode on Windows, you will need to disable this feature. You may also need to upgrade your driver for that. This is unrelated to working with Intel's specialized driver that adds VLAN support (see below).
See Intel's original support note on this for more details.
In short, it seems to be saying to turn off promiscuous mode.
That is out of the question.
So I followed the link above to Intel's page.
Solution:
Microsoft* Windows* ---
To allow tagged frames to be passed to your packet capture software you must go into the registry and either add a registry dword and value or change the value of the registry key. Depending on the bus type of your network adapter you will either create the keyword "MonitorModeEnabled" for PCI/PCI-X Network Adapters, or "MonitorMode" for PCI-e based Network Adapters.
The new key (dword) should be placed at:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\00xx
where xx is the instance of the network adapter that you need to see tags on. (Check by opening and viewing the name of the adapter).
Note: ControlSet001 may need to be CurrentControlSet or another 00x number.
If you are using a PCI or PCI-X Network Adapter the registry dword is: MonitorModeEnabled
Set the dword value to either:
0 - disabled (Do not store bad packets, Do not store CRCs, Strip 802.1Q vlan tags)
1 - enabled (Store bad packets. Store CRCs. Do not strip 802.1Q vlan tags)
If you are using a PCI-Express Network Adapter the registry dword is: MonitorMode
Set the dword value to either:
0 - disabled (Do not store bad packets, Do not store CRCs, Strip 802.1Q vlan tags)
1 - enabled (Store bad packets. Store CRCs. Do not strip 802.1Q vlan tag)
2 - enabled strip vlan (Store bad packets. Store CRCs. Strip 802.1Q vlan tag as normal)
In most cases you should set MonitorMode=1 or MonitorModeEnabled=1.
Warning: This modification should be made very carefully and only by skilled technicians since changes to the registry may disable your machine. This change should only be made for promiscuous mode/sniffing use.
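The procedure in the note above, as a PowerShell sketch. This is an added example, not part of Intel's note or of this blog post. It assumes an elevated prompt, that CurrentControlSet is the active control set, and that the adapter name is read from the DriverDesc value; the function names are hypothetical.

```powershell
# Added example: audit, and optionally set, MonitorMode / MonitorModeEnabled
# for the adapter instances under the network class key quoted in the note.
$ClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

function Get-MonitorModeState {
    # List every adapter instance (0000, 0001, ...) with its name and current values.
    # Subkeys that are not four digits (or not readable) are skipped.
    Get-ChildItem -Path $ClassKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Instance           = $_.PSChildName
                Adapter            = $p.DriverDesc          # assumption: adapter name lives here
                MonitorMode        = $p.MonitorMode         # PCI-e adapters
                MonitorModeEnabled = $p.MonitorModeEnabled  # PCI / PCI-X adapters
            }
        }
}

function Set-MonitorMode {
    param(
        [Parameter(Mandatory)][ValidatePattern('^\d{4}$')][string]$Instance,
        [Parameter(Mandatory)][ValidateSet('MonitorMode', 'MonitorModeEnabled')][string]$Name,
        [Parameter(Mandatory)][ValidateRange(0, 2)][int]$Value
    )
    # Per the note, value 2 (capture but strip tags) exists only for MonitorMode.
    if ($Name -eq 'MonitorModeEnabled' -and $Value -eq 2) {
        throw 'MonitorModeEnabled accepts only 0 or 1.'
    }
    $key = Join-Path $ClassKey $Instance
    if (-not (Test-Path $key)) { throw "No adapter instance $Instance under $ClassKey" }

    # Print the previous value first so the change can be reverted later.
    $old = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    Write-Host "$Instance $Name previous value: $(if ($null -eq $old) { '<not set>' } else { $old })"

    # -Force creates the DWORD if it is missing and overwrites it if it exists.
    New-ItemProperty -Path $key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

# Read-only audit: pick the instance whose Adapter column matches the capture NIC.
Get-MonitorModeState | Format-Table -AutoSize

# Then, for a PCI-e adapter at instance 0001 (constructed example values):
# Set-MonitorMode -Instance '0001' -Name 'MonitorMode' -Value 1
```

Setting the value back to 0 restores the default behavior listed in the note (bad packets and CRCs not stored, 802.1Q tags stripped).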
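Warning notwithstanding, I opened regedit right away.
The 0001 folder is packed with keys, a whole string of them Intel-specific.
I have no idea what is what, but leaving the MonitorMode setting above aside, I changed the value of "TaggingMode" from 0 to 1 and the value of "VlanFiltering" from 1 to 0, then rebooted.
Actually, this alone did not work.
The cause was...
→ Continued in the 9/1 entry.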