tigerbalm 发表于 2008-3-7 17:56:44

如何在VISTA下面抓到带VLAN tag的报文?

新买的thinkpad T61,系统是VISTA Ultimate,网卡是intel 82566MM gigabit network connection。
抓包工具用了wireshark和sniffer发现都抓不到带tag的报文,相同环境下用另外一部台式机抓包发现是有tag的。
后来上网查了一下发现对于某些网卡需要修改注册表,-- http://wiki.wireshark.org/CaptureSetup/VLAN#head-81781716144f2855ab0aff2f8b752e95f2562efb。

上门链接里面对于intel网卡的说明:
Special flag settings
For some of the more sophisticated adapters, a flag can be set to disable the stripping of VLAN tags.


Intel
Some Intel Ethernet adapters and their drivers will, by default, strip VLAN tags when processing packets or strip tagged packets completely. If you want to see the VLAN tags when capturing on one of those adapters in promiscuous mode on Windows, you will need to disable this feature. You may also need to upgrade your driver for that. This is unrelated to working with Intel's specialized driver that adds VLAN support (see below).
See Intel's original support note on this for more details.

然后从上文中链接到intel的网页--http://support.intel.com/support/network/sb/CS-005897.htm 上,发现他需要改一个注册表的键值:
To allow tagged frames to be passed to your packet capture software you must go into the registry and either add a registry dword and value or change the value of the registry key.

The registry dword is MonitorModeEnabled.  It should be placed at:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\00xx

where xx is the instance of the network adapter that you need to see tags on. (Check by opening and viewing the name of the adapter).

It should be set to read: MonitorModeEnabled= 1

Note: ControlSet001 may need to be CurrentControlSet or another 00x number.

我按照文中指示去操作,在vista下面就根本找不到他说的MonitorModeEnabled这个键,郁闷。

我有一些客户朋友的笔记本装的也是VISTA,不过他们的网卡是MARVELL的,按照第一个链接里面wireshark的说明设置以后就可以抓到VLAN tag的报文了,我的就怎么也不行。

个人认为是VISTA的问题,不是网卡的问题,也不想用回XP,诚心向各位大大请教,有知道怎么设置的请指点一下,谢谢!

[ 本帖最后由 tigerbalm 于 2008-3-7 17:58 编辑 ]

Vader 发表于 2008-4-15 16:56:59

新建一个MonitorModeEnabled这个键呢?

Pbreak 发表于 2008-6-23 09:56:24

是啊,同意二楼的,没有这个Dword键MonitorModeEnabled你就建一个试试啊!

qyq2008 发表于 2008-7-5 23:20:53

同意二楼的,有些时候就需要新建一个键。

fay1 发表于 2008-7-14 10:30:05

楼主换个工具试试 用wildpack看看

simen 发表于 2008-9-24 18:25:47

vista下能用sniffer吗?怎么用?我在vista下,sniffer看不到我的网卡。

boyhill 发表于 2008-12-11 12:15:19

我知道咋解决

你看到的只是说明,intel还专门出了一个驱动,这说明是根据特殊驱动说的,驱动intel客户网站好像有

tigerbalm 发表于 2009-1-7 15:40:54

谢谢各位!
新建一个MonitorModeEnabled这个键也是不行,XP下也不行,估计要去找楼上说的特殊驱动了~

format-water 发表于 2010-2-22 16:42:52

我也是T61这个网卡,是要装个驱动,装了后可以直接在电脑上设置VLAN。注册表我也加了,怎么还是用SNIFFER还是没看到VLAN信息啊,我看有个教材是科来,不知道有没有关系

xiaoyunkai 发表于 2010-3-25 11:49:51

我回来了,

离开论坛3年了,回到运维工作中来了,楼主的问题应该是网卡支持问题,换驱动估计悬,用外置网卡吧,MINI的网卡都有这个问题的说
页: [1]
查看完整版本: 如何在VISTA下面抓到带VLAN tag的报文?