1、网卡设置不剥离VLAN 的方法产品名称:基础类相关版本:所有版本关键字:网卡 、vlan在平时的数据抓包时,有时需要抓不剥离VLAN带TAG标签的数据包,但是大部分的网卡在抓包时就剥离掉了VLAN,从而丢掉了一些有用的数据信息。通过修改注册表可以使网卡抓包时不剥离VLAN,抓到带TAG标签的数据包,设置方法如下:1、对于Intel PRO/1000或PRO/100网卡需要将注册表HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass4D36E972-E325-11CE-BFC1-08002BE1031800xx下的MonitorModeEnabled
2、改为1,如果不存在则新建这么一个dword键。2、对于Broadcom千兆网卡需要在注册表里增加一项PreserveVlanInfoInRxPacket=1,类型为string(字符串)。位置与TxCoalescingTicks相同,后者可以在HKEY_LOCAL_MACHINESYSTEMCurrentControlSet下搜索到。修改后需要重启机器让它生效即可抓到带TAG标签的数据包。注:对于上述1和2的两种网卡类型可以在“我的电脑”“设备管理器”里面查询的到。对于Intel PRO/1000或PRO/100网卡,需要将注册表HKEY_LOCAL_MACHINESYSTEMControlS
3、et001ControlClass4D36E972-E325-11CE-BFC1-08002BE1031800xx下的MonitorModeEnabled改为1,如果不存在则新建这么一个dword键。对于Broadcom千兆网卡,需要在注册表里增加一项PreserveVlanInfoInRxPacket=1,类型为string。位置与TxCoalescingTicks相同,后者可以在HKEY_LOCAL_MACHINESYSTEMCurrentControlSet下搜索到。修改后需要重启机器让它生效。这个修改办法是在UniCA User Manual中看到的,较新的网卡驱动里都支持这个设置,原
4、文如下:Intel PRO/1000 or PRO/100 Ethernet controller which are used in e.g. IBM Notebooks (T40 series and others) do not forward VLAN tags to the upper layers; By default, Intel adapters strip the VLAN tag before passing it up the stack. If you need to see the tag you need to use these driver versions:
5、 PRO/100 6.x or 7.x or later base driver, PRO/1000 7.2.17.803 (plain 7.2.17 does not have this feature). To enable, you must go into the registry and either add a registry dword and value (for e100) or change the value of the registry key (for e1000). The registry dword is MonitorModeEnabled (for bo
6、th). It should be placed at HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass4D36E972-E325-11CE-BFC1-08002BE1031800xx where xx is the instance of the network adapter that you need to see tags on. (Check by opening and viewing the name of the adapter). It should be set to read: MonitorModeEnabled= 1.
7、 Note: ControlSet001 may need to be CurrentControlSet or another 00x numberFor Broadcom 570x Gigabit adapters (for example in Dell systems); Add a registry key under HKEY_LOCAL_MACHINESYSTEMCurrentControlSet to cause the driver not to strip the 802.1Q VLAN header. In order to set that key, you need
8、to find the right instance of the driver in Registry Editor and set that key for it.Run the Registry Editor (regedt32). Search for “TxCoalescingTicks” under “HKEY_LOCAL_MACHINESYSTEMCurrentControlSet“ and ensure this is the only instance that you have. Right-click on the instance number (eg. 0008) and add a new string value. Enter “PreserveVlanInfoInRxPacket” and give it the value “1. Save and Reboot You may need to install a recent driver (version 8.27) to make this setting effective
