Cisco Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch Manual De Mantenimiento
Administration
Packet Capture
Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE
54
3
STEP 7
Select the interface from which you need to capture packets. At the Wireshark
popup window, next to the IP address, there is a pull-down list for you to select the
interfaces. The interface can be one of the following:
popup window, next to the IP address, there is a pull-down list for you to select the
interfaces. The interface can be one of the following:
Linux bridge interface in the wap device
--rpcap://[192.168.1.220]:2002/brtrunk
Wired LAN interface
-- rpcap://[192.168.1.220]:2002/eth0
VAP0 traffic on radio 1
--rpcap://[192.168.1.220]:2002/brtrunk
Wired LAN interface
-- rpcap://[192.168.1.220]:2002/eth0
VAP0 traffic on radio 1
-- rpcap://[192.168.1.220]:2002/wlan0
802.11 traffic
-- rpcap://[192.168.1.220]:2002/radio1
At WAP321, VAP1 ~ VAP7 traffic
-- rpcap://[ 192.168.1.220]:2002/wlan0vap1 ~ wlan0vap7
At WAP321, VAP1 ~ VAP3 traffic
-- rpcap://[ 192.168.1.220]:2002/wlan0vap1 ~ wlan0vap3
802.11 traffic
-- rpcap://[192.168.1.220]:2002/radio1
At WAP321, VAP1 ~ VAP7 traffic
-- rpcap://[ 192.168.1.220]:2002/wlan0vap1 ~ wlan0vap7
At WAP321, VAP1 ~ VAP3 traffic
-- rpcap://[ 192.168.1.220]:2002/wlan0vap1 ~ wlan0vap3
You can trace up to four interfaces on the WAP device at the same time. However,
you must start a separate Wireshark session for each interface. To initiate
additional remote capture sessions, repeat the Wireshark configuration steps; no
configuration needs to be done on the WAP device.
you must start a separate Wireshark session for each interface. To initiate
additional remote capture sessions, repeat the Wireshark configuration steps; no
configuration needs to be done on the WAP device.
NOTE
The system uses four consecutive port numbers, starting with the configured port
for the remote packet capture sessions. Verify that you have four consecutive port
numbers available. We recommend that if you do not use the default port, use a port
number greater than 1024.
for the remote packet capture sessions. Verify that you have four consecutive port
numbers available. We recommend that if you do not use the default port, use a port
number greater than 1024.
When you are capturing traffic on the radio interface, you can disable beacon
capture, but other 802.11 control frames are still sent to Wireshark. You can set up
a display filter to show only:
capture, but other 802.11 control frames are still sent to Wireshark. You can set up
a display filter to show only:
•
Data frames in the trace
•
Traffic on specific Basic Service Set IDs (BSSIDs)
•
Traffic between two clients
Some examples of useful display filters are:
•
Exclude beacons and ACK/RTS/CTS frames:
!(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1)
•
Data frames only:
wlan.fc.type == 2
•
Traffic on a specific BSSID:
wlan.bssid == 00:02:bc:00:17:d0