如何在VISTA下面抓到带VLAN tag的报文?
新买的thinkpad T61,系统是VISTA Ultimate,网卡是intel 82566MM gigabit network connection。抓包工具用了wireshark和sniffer发现都抓不到带tag的报文,相同环境下用另外一部台式机抓包发现是有tag的。
后来上网查了一下发现对于某些网卡需要修改注册表,-- [url]http://wiki.wireshark.org/CaptureSetup/VLAN#head-81781716144f2855ab0aff2f8b752e95f2562efb[/url]。
上门链接里面对于intel网卡的说明:
Special flag settings
For some of the more sophisticated adapters, a flag can be set to disable the stripping of VLAN tags.
Intel
Some Intel Ethernet adapters and their drivers will, by default, strip VLAN tags when processing packets or strip tagged packets completely. If you want to see the VLAN tags when capturing on one of those adapters in promiscuous mode on Windows, you will need to disable this feature. You may also need to upgrade your driver for that. This is unrelated to working with Intel's specialized driver that adds VLAN support (see below).
See Intel's original support note on this for more details.
然后从上文中链接到intel的网页--[url]http://support.intel.com/support/network/sb/CS-005897.htm[/url] 上,发现他需要改一个注册表的键值:
To allow tagged frames to be passed to your packet capture software you must go into the registry and either add a registry dword and value or change the value of the registry key.
The registry dword is MonitorModeEnabled. It should be placed at:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\00xx
where xx is the instance of the network adapter that you need to see tags on. (Check by opening and viewing the name of the adapter).
It should be set to read: MonitorModeEnabled= 1
Note: ControlSet001 may need to be CurrentControlSet or another 00x number.
我按照文中指示去操作,在vista下面就根本找不到他说的MonitorModeEnabled这个键,郁闷。
我有一些客户朋友的笔记本装的也是VISTA,不过他们的网卡是MARVELL的,按照第一个链接里面wireshark的说明设置以后就可以抓到VLAN tag的报文了,我的就怎么也不行。
个人认为是VISTA的问题,不是网卡的问题,也不想用回XP,诚心向各位大大请教,有知道怎么设置的请指点一下,谢谢!
[[i] 本帖最后由 tigerbalm 于 2008-3-7 17:58 编辑 [/i]] 新建一个MonitorModeEnabled这个键呢?
感觉不错
看了,感觉不错,谢谢您提供-------------------------
We provide all [url=http://www.wow-powerleveling.org]WoW Gold[/url] services. You can buy [url=http://www.gogoer.com]WoW Gold[/url] Cheap WoW Gold here!
Welcome to our website for you World of Warcraft Gold,[url=http://www.wowgoldlive.com]WoW Gold[/url],Cheap World of Warcraft Gold,buy cheap [url=http://www.gamelee.com]WoW Gold[/url],real WoW Gold,sell [url=http://www.xowow.com]WoW Gold[/url], 是啊,同意二楼的,没有这个Dword键MonitorModeEnabled你就建一个试试啊! 同意二楼的,有些时候就需要新建一个键。 楼主换个工具试试 用wildpack看看 vista下能用sniffer吗?怎么用?我在vista下,sniffer看不到我的网卡。
快国庆了大家怎么安排
*** 作者被禁止或删除 内容自动屏蔽 *** thanks页:
[1]