
Display double vlan using pyshark


How can you get a list of VLANs if you have more than one? For example, if I have this packet:

Layer ETH:
    Destination: 00:99:88:77:66:55 (00:99:88:77:66:55)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Address: 00:99:88:77:66:55 (00:99:88:77:66:55)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1Q Virtual LAN (0x8100)
    Source: 00:11:22:33:44:55 (00:11:22:33:44:55)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Address: 00:11:22:33:44:55 (00:11:22:33:44:55)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Layer VLAN:
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 1100 1000 = ID: 200
    Type: 802.1Q Virtual LAN (0x8100)
Layer VLAN:
    Trailer: 8dbdde29
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 0110 0100 = ID: 100
    Type: IP (0x0800)
Layer IP:
    ....
Layer UDP:
    ....

If I use pyshark, I get only the inner VLAN.

>>> print cap[0]['vlan']
Layer VLAN:
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 1100 1000 = ID: 200
    Type: 802.1Q Virtual LAN (0x8100)

I expect to get the same as tshark:

tshark -r filename.pcap -T fields -e vlan.id

100,200

Solution

  • Managed this by discussing it on GitHub: https://github.com/KimiNewt/pyshark/issues/80

    The easy way to get double vlan is:

    vlan1, vlan2 = pkt[1], pkt[2]
    

    or explicitly:

    vlan1, vlan2 = pkt.layers[1], pkt.layers[2]
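
Positional indexing as in the answer assumes exactly two tags sitting at layers 1 and 2. The following added example (not from the original answer or the pyshark project) generalizes it by filtering `pkt.layers` on `layer_name`, so untagged, single-tagged and multi-tagged packets are all handled. The helper names and the stand-in packet objects are constructed for illustration; only `pkt.layers`, `layer.layer_name` and the `id` field are pyshark's.

```python
from collections import Counter
from types import SimpleNamespace


def vlan_layers(pkt):
    """Every 802.1Q layer of a pyshark packet, in dissection order (outermost tag first)."""
    # pkt['vlan'] stops at the first match; pkt.layers keeps all of them.
    return [layer for layer in pkt.layers if layer.layer_name == "vlan"]


def vlan_ids(pkt):
    """VLAN IDs as ints, outermost first; an untagged packet gives []."""
    return [int(layer.id) for layer in vlan_layers(pkt)]


def tag_stacks(packets):
    """Count packets per distinct tag stack, e.g. {(200, 100): 2, (): 1}."""
    return Counter(tuple(vlan_ids(pkt)) for pkt in packets)


# Constructed stand-ins exposing only the attributes used above
# (layer_name, id, layers), so the example runs without a capture file.
def _layer(name, **fields):
    return SimpleNamespace(layer_name=name, **fields)


def _packet(*layers):
    return SimpleNamespace(layers=list(layers))


SAMPLE = [
    # Same shape as the packet in the question: outer tag 200, inner tag 100.
    _packet(_layer("eth"), _layer("vlan", id="200"), _layer("vlan", id="100"),
            _layer("ip"), _layer("udp")),
    _packet(_layer("eth"), _layer("vlan", id="300"), _layer("ip"), _layer("tcp")),
    _packet(_layer("eth"), _layer("ip"), _layer("udp")),  # untagged
]

if __name__ == "__main__":
    for stack, count in tag_stacks(SAMPLE).items():
        print(stack or "untagged", count)
    # With a real capture: tag_stacks(pyshark.FileCapture("filename.pcap"))
```
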