Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Apr 03, 2017

tcpdump and vlan filter

Hi,

I have setup (BIG-IP 11.2.0HF7 VE on ESX 5.1) with int_vlan (interface 1.2) configured as tagged (VLAN ID 350) connected to VMnet set with 4095 ID (so trunk type).

W2K8 has interface configured with VLAN ID 350 as well.

When using:

tcpdump -ni 1.2 -v -e 'vlan 350'

no traffic is captured

tcpdump -ni 1.2 -v -e 'host 10.128.30.100' - IP of W2K8 interface, I can see correct tags in captured packets

16:40:07.086904 00:50:56:a9:86:30 > 00:50:56:a9:3b:eb, ethertype 802.1Q (0x8100), length 78: vlan 350, p 0, 
ethertype IPv4, (tos 0x0, ttl 128, id 616, offset 0, flags [none], proto: ICMP (1), 
length: 60) 10.128.30.100 > 10.128.30.239: ICMP echo request, id 3, seq 20827, length 40

tcpdump -ni 1.2 -v -e | grep 'vlan 350' - this one is correctly displaying packets with my VLAN

Am I doing something wrong or vlan filter is not working for v11.2.0?

I tried as well advanced filter like that:

tcpdump -ni 1.2 -v -e 'ether[14:2] & 4095 == 350' (as advised in K2289) but result is the same.

Piotr

1 Reply

  • If "int_vlan" is the name of a VLAN using interface 1.2, then use

    tcpdump -i int_vlan
    plus whatever other options you need.