Ask Your Question

Is wireshark able to sniff across vlans?

asked 2018-05-03 15:42:43 +0000

beebo gravatar image

I have several VLANS each vlan with it's own interface and of course all the vlans can route to each other. i am wondering if one client form one vlan can sniff other vlan's users.


edit retag flag offensive close merge delete

1 Answer

Sort by ┬╗ oldest newest most voted

answered 2018-05-03 15:52:59 +0000

Jaap gravatar image

Wireshark can capture whatever comes across its interface(s). So if you're able to bring the various vlans to the capture interface(s) it could be captured. How you do that is another matter. It could be through a span port, it could be several local interfaces. It all depends on the specifics of your capture environment.

edit flag offensive delete link more


Just one more point, technically Wireshark does not capture directly but using a capture library which differs per operating system, and the library hooks into the network stack at a place where the network card driver could already have modified the received packet. So e.g. on Microsoft Windows, you may not see the VLAN headers even though they were ├║hysically present on the wire because the some drivers strips them. Likewise, the npcap capture library was stripping vlan headers some months ago, I'm not sure what is the current state.

Now if the question was how safe the devices in one VLAN are against being sniffed by some other devices, it also depends on the network topology and position of the sniffing device.

sindy gravatar imagesindy ( 2018-05-03 16:42:28 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-05-03 15:42:43 +0000

Seen: 992 times

Last updated: May 03 '18