capture vlan ID

asked 2018-03-22 16:53:54 +0000

josesalazmit gravatar image

updated 2018-03-22 17:52:40 +0000

grahamb gravatar image

Hello everyone I have wireshark ver 2.4.5 wincap 4.1.3

Intel nic e1d62x64 which should be match with the registry key MonitorMode in:


When creating or modifying registry dword MonitorMode, set the dword value to one of the following options:

  • 0 — disabled (Do not store bad packets, Do not store CRCs, Strip 802.1Q vlan tags)
  • 1 — enabled (Receive bad/runt/invalid CRC packets. Leave CRCs attached to the packets. Do not strip VLAN tags and ignore packets sent to other VLANs as per normal operation.)

I configured 1

But I can not get the vlan ID when I run the wireshark. Ethernet II (VLAN tagged) is missing Is there any else missing?

edit retag flag offensive close merge delete


Did you Note You must restart Windows for the registry change to take effect.

Jaap gravatar imageJaap ( 2018-03-22 18:08:14 +0000 )edit

Hello Jaap We already did but this was not resolve. I remembered having used "etherreal" and I found that option. Is there any dissector or something missing in wireshark?

josesalazmit gravatar imagejosesalazmit ( 2018-03-26 19:21:48 +0000 )edit

I'm not familiar with Windows networking, so have little to add. There's certainly nothing missing in Wireshark in this area, other than proper interfacing with the netwok stack for capture. Maybe it's relevant to mention the OS version you're working on? This may help people on the right track.

Jaap gravatar imageJaap ( 2018-03-27 11:14:14 +0000 )edit

Hello Jaap, We use Windows 7 professional

josesalazmit gravatar imagejosesalazmit ( 2018-03-27 14:53:11 +0000 )edit

Did you ever get this sorted - I’m having same issue with two Intel nics in windows 10 and really want to get this working.

MacBook Pro OSX works immediately without any hacks!

HiZ gravatar imageHiZ ( 2019-03-04 08:35:14 +0000 )edit