how to monitor 802.1Q packets through wireshark

NIC: intel(R)82566DM

=========================================

Microsoft Windows* ---

To allow tagged frames to be passed to your packet capture software you must go into the registry and either add a registry dword and value or change the value of the registry key. Depending on the bus type of your network adapter you will either create the keyword "MonitorModeEnabled" for PCI/PCI-X Network Adapters, or "MonitorMode" for PCI-e based Network Adapters.

The new key (dword) should be placed at:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\00xx

where xx is the instance of the network adapter that you need to see tags on. (Check by opening and viewing the name of the adapter).

Note ControlSet001 may need to be CurrentControlSet or another 00x number.

If you are using a PCI or PCI-X Network Adapter the registry dword is: MonitorModeEnabled
Set the dword value to either:
0 - disabled (Do not store bad packets, Do not store CRCs, Strip 802.1Q vlan tags)
1 - enabled (Store bad packets. Store CRCs. Do not strip 802.1Q vlan tags)

If you are using a PCI-Express Network Adapter the registry dword is: MonitorMode
Set the dword value to either:
0 - disabled (Do not store bad packets, Do not store CRCs, Strip 802.1Q vlan tags)
1 - enabled (Store bad packets. Store CRCs. Do not strip 802.1Q vlan btag)
2 - enabled strip vlan (Store bad packets. Store CRCs. Strip 802.1Q vlan tag as normal)

In most cases you should set MonitorMode=1 or MonitorModeEnabled=1.

Warning: This modification should be made very carefully and only by skilled technicians since changes to the registry may disable your machine. This change should only be made for promiscuous mode/sniffing use.