WAP371 Firmware V1.1.2.3 - Packet Capture Missing Packets? (and 2 other bugs)

matthew1471
Level 1

Hi,

I have noticed that on a test 100Mbps network, using the WAP371 to perform a Remote Packet Capture on eth0 most conversations in the remote capture have lost a few packets. The monitored traffic itself is no more than 40Mbps (so the remote links shouldn't be saturated).

I have checked this both wirelessly (using an 802.11ac bridged client) and wired (to a fresh Windows 7 SP1 x64 machine running on a fresh VMware ESXi 6.0 machine). I just wondered if anyone is able to verify this or disagree before I put further research into this?

My Remote Capture settings are:

Capture Beacons: Enabled
Promiscuous Capture: Disabled
Radio Client Filter: Disabled

I have also already observed 3 pretty major bugs with this feature (which makes me think the feature might be unreliable):

- In the list of interfaces that Wireshark picks up when you point it at the WAP371, radio0 is missing!

- Despite the manual stating that the remote packet capture itself is excluded from the capture, this is not the case; it's possible to flood the access point and cause a Denial of Service (DoS) against the access point if you attempt to Remote Packet Capture while connected via one of the WAP's wireless interfaces ("eth0" of course won't have this problem and is a good workaround). I've had to physically reboot the WAP371 a couple of times when I was first testing this feature because of this!

- I seem to recall using Wireshark to send a capture filter to the WAP371 did nothing... when I tried applying one to work around the above bug.

I would welcome any comments :-).

1 Reply

matthew1471
Level 1

I have performed some more diagnostics. I introduced a gigabit switch (also wiped the machine and put on Windows 7 and gave it the latest NIC drivers just to be absolutely sure) to the WAP371 and the same issue still persists.

The network topology is now as follows:

 

Internet Router
^
|
Cisco SG300-10 Switch
^
|
Cisco WAP371
Client Capturing Machine

 

Capturing the "WAP371 port" from the "SG300-10 Switch" to the "Client Capturing Machine" shows no issue. Capturing remotely to the "Client Capturing Machine" from the "WAP371" shows a lot of missing packets (see screenshot).
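
Added example, not part of the original posts and not Cisco or Wireshark code: one way to put a number on the loss described above is to compare the switch-port capture (treated as the reference) with the WAP371 remote capture frame by frame. It assumes both captures were saved in classic pcap format with the same snap length and that frames are byte-identical at both capture points; the function names and the sample data are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

# Classic pcap magic bytes as stored on disk -> struct byte-order prefix.
# Covers microsecond and nanosecond variants; pcapng is not handled.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def read_pcap(data):
    """Yield the raw bytes of each frame in a classic pcap file."""
    order = MAGIC.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (re-save pcapng as pcap)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break  # truncated final record
        yield data[offset:offset + incl_len]
        offset += incl_len

def missing_frames(reference, remote):
    """Return (missing, total): reference frames with no match in remote."""
    seen = Counter(hashlib.sha256(f).digest() for f in read_pcap(remote))
    missing = total = 0
    for frame in read_pcap(reference):
        total += 1
        digest = hashlib.sha256(frame).digest()
        if seen[digest] > 0:
            seen[digest] -= 1  # consume one copy so duplicate frames are counted
        else:
            missing += 1
    return missing, total

def build_pcap(frames):
    """Build a little-endian pcap in memory (used only for the constructed sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: six frames on the mirror port (one a duplicate),
# three of which never appear in the remote capture.
SAMPLE = [b"frame-%d" % i for i in range(5)] + [b"frame-0"]
mirror = build_pcap(SAMPLE)
remote = build_pcap([SAMPLE[0], SAMPLE[2], SAMPLE[4]])
print("missing %d of %d frames" % missing_frames(mirror, remote))
```

For real captures, pass the contents of the two files (read in binary mode) in place of the constructed `mirror` and `remote` values.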
