Bruce Hartpence

May your packets always reach their destinations.
Home


Welcome to the Configs page. Here you will find many of the configs you'll need to complete labs or get through classes. These are also great for brushing up. These will be periodically updated so keep checking back. The configs are also commented to help you understand what is going on.

Oh, and don't forget, most of these appear on the youtube channel too.


Configuration used to capture trunked frames:

The reason for this file is that occasionally we wish to collect frames showing the 802.1Q VLAN tag information. But, not all NICs allow this. This modification is for the RIT lab machines but will work on any machine having the equipment noted on the following Intel website; http://www.intel.com/support/network/sb/cs-005897.htm

Information about the NIC in question can be found under the NIC properties. Click on the Configure button and then go to the Driver tab. You are interested in the driver name. Now go to the Details tab where you are interested in the Driver Key

For the onboard NIC (this is the Intel NIC) use regedit and then go to "CurrentControlSet"

Select the interface indicated by the driver key.

The instructions on the Intel website work - with one gotcha...the instruction called for a new DWORD of MonitorModeEnabled to be added on CurrentControlSet001. Every machine I checked already had a QWORD for the same thing. QWORD is for 64 bit.

When I deleted this value and added a DWORD it worked. I reversed the process and it failed. Changed back and it worked.

So, give that a try and remember to ensure that your monitor session (Cisco switch configuration) specifies that the destination use dot1q encapsulation.

After you are done, make sure you disable and reenable the NIC. Capture away.


Trunked frame example