05-20-2020 10:01 AM - edited 07-05-2021 12:04 PM
Hi All-
I am working on troubleshooting some endpoint issues and am trying to do a Over the Air capture. I am working off of this document that TAC sent me:
I have a 5520 controller running 8.5.140.0 and two 3602 APs. The APs are about 10 feet apart from each other. One is local mode, the other is in "Sniffer" mode. They are on the same channel. I have a server running Wireshark and am seeing traffic on port 5555 from the controller. I am decoding it as PEEKREMOTE. I have attached a screenshot from Wireshark of the traffic.
I see a lot of traffic between the controller and the APs of various types: QOS Data, Beacon Frames, RTS, CTS ect. What I don't see is packets to and from the client. I was expecting to see standard client data such as HTTP, DNS, RTP etc. I don't see any client IP addresses at all in the capture, Am I doing something wrong? Is my expectation wrong? Am I misinterpreting what the feature is designed to do?
Thanks
Solved! Go to Solution.
05-20-2020 02:47 PM
"I don't see any client IP addresses at all in the capture, Am I doing something wrong? Is my expectation wrong? Am I misinterpreting what the feature is designed to do? "
What is the security setting of SSID ? is it PSK or 802.1X/EAP configured for SSID security? If it is PSK, you can decrypt it and see inner protocol detail like DHCP/DNS/HTTP,etc, see below post
https://mrncciew.com/2018/04/07/wifi-captures-with-sniffer-mode-ap/
All those frames QoS Data are the one carry user data (rest management & control frames with no data payload)
HTH
Rasika
*** Pls rate all useful responses ***
05-20-2020 02:47 PM
"I don't see any client IP addresses at all in the capture, Am I doing something wrong? Is my expectation wrong? Am I misinterpreting what the feature is designed to do? "
What is the security setting of SSID ? is it PSK or 802.1X/EAP configured for SSID security? If it is PSK, you can decrypt it and see inner protocol detail like DHCP/DNS/HTTP,etc, see below post
https://mrncciew.com/2018/04/07/wifi-captures-with-sniffer-mode-ap/
All those frames QoS Data are the one carry user data (rest management & control frames with no data payload)
HTH
Rasika
*** Pls rate all useful responses ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide