Capture VLAN tags by using tcpdump

Solution Verified - Updated -


  • Red Hat Enterprise Linux 5 (RHEL 5).
  • Red Hat Enterprise Linux 6 (RHEL 6).
  • Red Hat Enterprise Linux 7 (RHEL 7).
  • tcpdump


  • How can VLAN tags be captured by using tcpdump?
  • The server is unable to ping the gateway, which is on a VLAN.


  • You can verify whether incoming traffic carries VLAN tags by running tcpdump with the -e option and the vlan filter.
    This shows the details of the VLAN header.

    To capture the issue live:
# tcpdump -i bond0 -nn -e vlan

    To write the capture to a file:
# tcpdump -i eno1 -nn -e vlan -w /tmp/vlan.pcap

Root Cause

  • The host could not ping the gateway because the traffic seen on the host was tagged with the wrong VLAN ID. The host was not configured to use VLAN tagging, so the traffic was being ignored.

Diagnostic Steps

  • Another check to make with the packet capture is to look at the incoming ARP requests and see whether the incoming packets are in the same subnet.
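
As an added example (not part of the original Red Hat solution), the Python sketch below runs both checks offline on a capture file such as /tmp/vlan.pcap: it reports frames whose 802.1Q VLAN ID differs from what the host expects and ARP requests whose sender lies outside the host's subnet. The function names, the 192.0.2.0/24 subnet and the sample frames are constructed assumptions.

```python
import ipaddress
import struct

def read_pcap(data):
    """Yield raw Ethernet frames from a classic pcap file (what tcpdump -w writes)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        (incl_len,) = struct.unpack(endian + "I", data[pos + 8:pos + 12])
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def parse_frame(frame):
    """Return (vlan_id, arp_sender, arp_target); each is None when absent."""
    if len(frame) < 18:
        return None, None, None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == 0x8100:  # 802.1Q tag: 16-bit TCI, then the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18  # VLAN ID is the low 12 bits
    arp = frame[offset:offset + 28]
    if ethertype != 0x0806 or len(arp) < 28 or arp[6:8] != b"\x00\x01":
        return vlan_id, None, None  # not an ARP request
    return vlan_id, ipaddress.ip_address(arp[14:18]), ipaddress.ip_address(arp[24:28])

def audit(frames, host_net, expected_vlan=None):
    """List (frame_number, message) for wrong VLAN tags and off-subnet ARP requests."""
    net, findings = ipaddress.ip_network(host_net), []
    for number, frame in enumerate(frames, 1):
        vlan_id, sender, _target = parse_frame(frame)
        if vlan_id != expected_vlan:
            findings.append((number, f"VLAN {vlan_id}, host expects {expected_vlan}"))
        if sender is not None and sender not in net:
            findings.append((number, f"ARP request from {sender} is outside {net}"))
    return findings

def arp_request(sender, target, vlan_id=None):
    """Build a constructed broadcast ARP request, optionally 802.1Q-tagged."""
    spa, tpa = (ipaddress.ip_address(a).packed for a in (sender, target))
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, vlan_id)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + b"\x02" * 6 + spa + bytes(6) + tpa
    return b"\xff" * 6 + b"\x02" * 6 + tag + b"\x08\x06" + arp

# Constructed sample: the host sits on 192.0.2.0/24 and has no VLAN configured.
SAMPLE = [arp_request("192.0.2.1", "192.0.2.10"),
          arp_request("192.0.2.1", "192.0.2.10", vlan_id=100),
          arp_request("198.51.100.1", "198.51.100.7", vlan_id=100)]
```

For a real capture, pass the file contents through read_pcap() and hand the result to audit() together with the host's own subnet; leave expected_vlan as None when the interface is not configured for VLAN tagging.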
