On Wed, Mar 23, 2005 at 02:39:17PM -0500, cnelson@xxxxxxxxxxxx wrote: > > On Wed, Mar 23, 2005 at 01:38:28PM -0500, cnelson@xxxxxxxxxxxx wrote: > > > Can I open a raw socket and get all traffic on an interface with > > > VLAN tags intact? Anything to get me started would be welcome. > > > > Use eth0. > > Are you saying that if I open eth0, I'll see everything but if I open > eth0.xx I'll only see traffic for VLAN xx? Right. Make sure to set eth0 in promiscuous mode and you'll get everything. > I've tinkered with this a little and what I seem to find is that if > my switch sends tagged frames to the Linux system, system services > (arp, etc.) don't work. I'm guessing that they don't know what to > do with tagged frames and that he frames aren't stripped. VLAN is implemented in the physical layer. It might help to think of it as a virtual NIC driver. (Although it isn't implemented that way.) VLAN interfaces are no different from other interfaces. But you have to add the VLAN interfaces before Linux will function on the VLANs. > > You could also check out libpcap which may be able to do > > most of the work for you. > > Processing tags myself is trivial -- it's just a 4-bytes offset in > the Ethernet frame. Right. libpcap is also pretty portable, and will probably offer a bell or whistle or two. > The problem I'm having is getting system services to ignore (or not > see) tags. Perhaps we could help more if we knew what your goal was. Why do you want to look at the VLAN tags? //Peter