D-Link DWL-3600AP

To Next Page

To Previous Page

PacketCaptureConfigurationandSettings

D-Link UnifiedAccessPointAdministrator’sGuide

November2011 Page126

UnifiedAccessPointAdministrator’sGuide

ToconfigureWiresharktousetheAPasthesourceforcapturedpack ets,youmustspecifytheremoteinterface

inthe"CaptureOptions"menu.Forexampletocapturepack etsonanAPwithIPaddress192.168.1.10onradio

1usingthedefaultIPport,specifythefollowinginterface:

rpcap://192.168.1.10/radio1

Tocapture

packetsontheEthernetinterfaceoftheAPandVAP0onradio1usingIPport58000,starttwo

Wiresharksessionsandspecifythefollowinginterfaces:

rpcap://192.168.1.10:58000/eth0

rpcap://192.168.1.10:58000/wlan0

Whenyouarecapturingtrafficontheradiointerface,youcandisablebeaconcapture,butother802.11control

framesarestillsenttoWireshark.You

cansetupadisplayfiltertoshowonly:

•Dataframesinthetrace

•TrafficonspecificBSSIDs

•Trafficbetweentwoclients

Someexamplesofusefuldisplayfiltersare:

• ExcludebeaconsandACK/RTS/CTSframes:

!(wlan.fc.type_subtype==8||wlan.fc.type==1)

•Dataframesonly:

wlan.fc.type==2

•TrafficonaspecificBSSID:

wlan.bssid==00:02:bc:00:17:d0

•Alltraffictoandfromaspecificclient:

wlan.addr==00:00:e8:4e:5f:8e

Inremotecapturemode,trafficissenttothePCrunningWiresharkviaoneofthenetworkinterfaces.

DependingonwheretheWiresharktoolislocatedthetrafficcanbesentonanEthernetinterfaceoroneofthe

radios.In

ordertoavoidatrafficfloodcausedbytracingthetracepackets,theAPautomaticallyinstallsa

capturefiltertofilteroutallpacketsdestinedtotheWiresharkapplication.ForexampleiftheWiresharkIPport

isconfiguredtobe58000thenthefollowingcapturefilterisautomaticallyinstalledon

theAP:

notportrange58000‐58004.

EnablingthepacketcapturefeatureimpactsperformanceoftheAPandcancreateasecurityissue

(unauthorizedclientsmaybeabletoconnecttotheAP andtraceuserdata).TheAPperformanceisnegatively

impactedevenifthereisnoactiveWiresharksessionwith

theAP.Theperformanceisnegativelyimpactedto

agreaterextentwhenpacketcaptureisinprogress.

Duetoperformanceandsecurityissues,thepacketcapturemodeisnotsavedinNVRAMontheAP;iftheAP

resets,thecapturemodeisdisabledandtheyoumustre‐enableit

inordertoresumecapturingtraffic.Packet

captureparameters(otherthanmode)aresavedinNVRAM.

Main Page

D-Link DWL-3600AP - Page 126

Table of Contents

Other manuals for D-Link DWL-3600AP

Related product manuals