Capturing Packet Traffic with VLAN Tags on Windows

/ Networking and Computing Tips and Tricks / By
Post Views: 178

Capturing network traffic with VLAN tags on a Windows computer can be tricky due to how network adapters and capture software handle VLAN-tagged frames. By default, Windows often strips VLAN tags before passing packets to capture applications like Wireshark. However, there are ways to configure your setup to properly capture VLAN information.

1. Install the Right Capture Software

To capture VLAN-tagged traffic, you need a packet analyzer like Wireshark. Download and install the latest version from www.wireshark.org.

2. Check Your Network Adapter’s VLAN Support

Not all network adapters pass VLAN tags to the capture software. Many Intel and Broadcom adapters can retain VLAN tags but require additional configuration.

  • Open Device Manager (Win + X → Device Manager).
  • Expand Network Adapters and find your Ethernet adapter.
  • Right-click and select Properties.
  • Go to the Advanced tab and look for settings like:
    • VLAN ID or Packet Priority & VLAN
    • Priority & VLAN Enabled (set to Enabled if available)
  • If your adapter strips VLAN tags, consider using a USB-to-Ethernet adapter known to retain VLAN headers.

You can read additional adapter setting information here: https://wiki.wireshark.org/CaptureSetup/VLAN#windows from the nice people at Wireshark.

3. Use a Managed Switch with Port Mirroring

If your network adapter removes VLAN tags, an alternative is to use a managed switch with port mirroring:

  • Configure a SPAN (Switch Port Analyzer) or Mirroring Port on the switch to send traffic, including VLAN tags, to your capture machine.
  • Connect your Windows computer to the mirrored port.

If you would like to know which switch we use: DLink 8 port managed gigabit switch. To see our entire “go bag” look here: https://www.cellstream.com/2024/10/28/the-products-we-use/

4. Capture VLAN Traffic in Wireshark

Once your setup is configured:

  1. Open Wireshark.
  2. Select the correct network interface.
  3. Start the capture and check for 802.1Q VLAN-tagged frames.
  4. Apply a display filter: vlan This will show only VLAN-tagged packets.

5. Alternative: Use npcap with VLAN Support

Npcap, the packet capture library used by Wireshark, supports VLAN capture when configured correctly. Ensure you have the latest Npcap installed from npcap.com and try enabling the “Support raw 802.11 traffic” option during installation.

By configuring your network adapter, using a managed switch, or ensuring proper software settings, you can successfully capture VLAN-tagged traffic on a Windows machine.

Comments are welcomed below from registered users.  You can also leave comments at our Discord server

If you would like to see more content and articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!

Tags: , , ,

Contact Us Here


Please verify.
Validation complete :)
Validation failed :(
 
Your contact request has been received. We usually respond within an hour, but please be patient. We will get back to you very soon.
Scroll to Top