Cisco Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 관리 매뉴얼

Packet Capture

Cisco WAP131 and WAP351 Administration Guide

59

Click Start Capture.

In Packet File Capture mode, the WAP device stores the captured packets in the 
RAM file system. Upon activation, the packet capture proceeds until one of these 
events occurs:

•

The capture time reaches the configured duration.

•

The capture file reaches its maximum size.

•

The administrator stops the capture.

The Remote Packet Capture feature enables you to specify a remote port as the 
destination for packet captures. This feature works in conjunction with the 
Wireshark network analyzer tool for Windows. A packet capture server runs on the 
WAP device and sends the captured packets through a TCP connection to the 
Wireshark tool. Wireshark is an open source tool and is available for free; it can be 
downloaded from 

.

A Microsoft Windows computer running the Wireshark tool allows you to display, 
log, and analyze the captured traffic. The remote packet capture facility is a 
standard feature of the Wireshark tool for Windows. Linux version does not work 
with the WAP device.

When the remote capture mode is in use, the WAP device does not store any 
captured data locally in its file system.

If a firewall is installed between the Wireshark computer and the WAP device, the 
traffic for these ports must be allowed to pass through the firewall. The firewall 
must also be configured to allow the Wireshark computer to initiate a TCP 
connection to the WAP device.

To initiate a remote capture on a WAP device:

Select Administration > Packet Capture.

Enable Promiscuous Capture.

For the Packet Capture Method, select Remote.

In the Remote Capture Port field, use the default port (2002), or if you are using a 
port other than the default, enter the desired port number used for connecting 
Wireshark to the WAP device. The port range is from 1025 to 65530.