Wireshark captures intel Nic 802.1Q packets

Find how to enable the Intel Nic to capture VLAN (802.1Q) packets on Wireshark, which can be found in the following link:Monitormodeenabled orMonitormode (depending on the network card)

Http://www.intel.com/support/network/sb/CS-005897.htm

The problem is that I didn't find such an option. I started to think that my Nic is not supported. I used a colleague's Acer computer to disable the nic vlan function and then I can capture packets.

Later, I found it on an English-language website forum. I can manually add this item to solve this problem.

The Registry is located:

HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Control \ class \ {4d36e972-e325-11ce-bfc1-08002be10318} \ 00nn

NN is the serial number. Generally, there are many items. Find a directory where the driverdesc item is the same as the description item of your Nic.

The author's Nic is: Intel (r) 82577lm gigabit network connection

Location: HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Control \ class \ {4d36e972-e325-11ce-bfc1-08002be10318} \ 0007

If this item is not found, you can manually add it as DWORD and change the value to: 1.

After restarting the system, you can parse the 802.1Q items in Wireshark.

My attempt is as follows: the connection vlan id is 100

Ethernet II, Src: dell_01: 45: 30 (00: 26: B9: 01: 45: 30), DST: daytime roni_0a: 68: 17 (F0: de: F1: 0a: 68: 17)

802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 100

Internet Protocol version 4, Src: 10.0.3.11 (10.0.3.11), DST: 10.0.3.138 (10.0.3.138)

If there are multiple controlsets in the registry, only controlset001 is set. Because someone else has already done the experiment, modifying CurrentControlSet is ineffective.