117
Section 4: Maintenance of the Access PointLAPAC1750PRO Access Point Software User Manual
Table 77: Packet File Capture
Field Description
Capture Interface Select an AP Capture Interface name from the
drop-down menu. AP capture interface names
are eligible for packet capture are the following:
• brtrunk - Linux bridge interface in the AP
• eth0 - 802.3 traffic on the Ethernet port.
• wlan0 - VAP0 traffic on radio 1.
• wlan0wds0 ~ wlan0wds3 — Traffic on the
specified WDS interface.
• wlan0vap1 ~ wlan0vap7 — Traffic on the
specified VAP on Radio 1.
• wlan1 - VAP0 traffic on radio 2.
• wlan1vap1 ~ wlan1vap7 — Traffic on the
specified VAP on Radio 2.
• radio1 - 802.11 traffic on radio 1.
• radio2 - 802.11 traffic on radio 2.
Capture Duration Specify the time duration in seconds for the
capture (range 10 to 3600).
Max Capture File Size Specify the maximum allowed size for the
capture file in KB (range 64 to 4096).
Remote Packet Capture
Remote Packet Capture allows you to specify a remote port as the destination
for packet captures. This feature works in conjunction with the Wireshark
network analyzer tool for Windows. A packet capture server runs on the AP and
sends the captured packets via a TCP connection to the Wireshark tool.
A Windows PC running the Wireshark tool allows you to display, log, and
analyze captured traffic.
When the remote capture mode is in use, the AP doesn’t store any captured
data locally in its file system.
You can trace up to five interfaces on the AP at the same time. However, you
must start a separate Wireshark session for each interface. You can configure
the IP port number used for connecting Wireshark to the AP. The default port
number is 2002. The system uses 5 consecutive port numbers starting with the
configured port for the packet capture sessions.
If a firewall is installed between the Wireshark PC and the AP, these ports must
be allowed to pass through the firewall. The firewall must also be configured to
allow the Wireshark PC to initiate TCP connection to the AP.
In order to configure Wireshark to use the AP as the source for captured packets,
you must specify the remote interface in the Capture Options menu. For
example, to capture packets on an AP with IP address 192.168.1.252 on radio 1
using the default IP port, specify the following interface:
rpcap://192.168.1.252/radio1
To capture packets on the Ethernet interface of the AP and VAP0 on radio 1 using
IP port 58000, start two Wireshark sessions and specify the following interfaces:
rpcap://192.168.1.252:58000/eth0
rpcap://192.168.1.252:58000/wlan0
When you are capturing traffic on the radio interface, you can disable beacon
capture, but other 802.11 control frames are still sent to Wireshark. You can set
up a display filter to show only the following:
• Data frames in the trace
• Traffic on specific BSSIDs
• Traffic between two clients
Some examples of useful display filters are:
• Exclude beacons and ACK/RTS/CTS frames:
!(wlan.fc.type_subtype == 8 || wlan.fc.type == 1)
• Data frames only:
wlan.fc.type == 2
• Traffic on a specific BSSID:
wlan.bssid == 00:02:bc:00:17:d0
• All traffic to and from a specific client:
• wlan.addr == 00:00:e8:4e:5f:8e
To Next Page
Loading...
Need help?
General
Weight and Dimensions
