
AP1131AG, WLC44002 and remote capture

tvolk
Level 1

Dear,

We have installed a WLC 4402 with about 50 AP1131AG. This all works fine. Now I changed one AP's role to sniffer, and I would like to use Wireshark for the capturing, but I struggle with the syntax of the rpcap adapter command. Can someone help me with this?

Regards

Thomas


ericgarnel
Level 7

rpcap://17.2.1.1/eth2

•The capture interface can be specified either in the capture dialog box or via the -i option at the command line when invoking Ethereal.

ethereal -i rpcap://[:]/

For example:

ethereal -i rpcap://172.22.1.1/eth2.

This url is helpful:

ftp://ftp.wiretapped.net/disk1/security/packet-capture/winpcap/docs/docs31/html/group__remote.html

This is from ethereal (now wireshark)

http://winpcap.mirror.ethereal.com/301a/docs/group__remote__source__string.html

A Cisco example:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_1_x/1_0_2a/san-os/configuration/guide/Advanced.html

You will still have to define your filters in wireshark of course

Here is the syntax from the controller:

This is on 4.2.112.0, thus the Airopeek ref

>config ap sniff 802.11b enable ?

Enter a valid 802.11b/g channel to be sniffed

(South_A) >config ap sniff 802.11b enable 11 ?

Enter Sniffer server (remote Airopeek) IP address.

(South_A) >config ap sniff 802.11b enable 11

I did all these configs, but I use Wireshark and not Airopeek. Today I was capturing the communication between Wireshark and the access point. After a TCP SYN to port 2002, the access point sends a TCP reset.

Regards

Thomas
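
A quick check of the two things this thread turns on, the rpcap:// source string and whether anything accepts TCP connections on port 2002. This is an added example, not code from any poster, Cisco or Wireshark. It assumes Python 3; the function names are hypothetical, and 2002 is used when no port is given because that is the port seen in the capture above.

```python
import socket
from urllib.parse import urlsplit

# Assumption: fall back to the port observed in the thread's capture.
RPCAP_DEFAULT_PORT = 2002


def parse_rpcap_source(source):
    """Split rpcap://host[:port]/interface into (host, port, interface)."""
    parts = urlsplit(source)
    if parts.scheme != "rpcap":
        raise ValueError("not an rpcap:// source: %r" % source)
    if not parts.hostname:
        raise ValueError("missing host in %r" % source)
    interface = parts.path.lstrip("/")
    if not interface:
        raise ValueError("missing interface name in %r" % source)
    return parts.hostname, parts.port or RPCAP_DEFAULT_PORT, interface


def probe_rpcap(source, timeout=3.0):
    """Try a TCP connect to the host and port named in the source string.

    Returns 'open' (handshake completed), 'reset' (SYN answered with RST,
    i.e. nothing is listening there) or 'no-answer' (timeout, unreachable).
    """
    host, port, _ = parse_rpcap_source(source)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "reset"
    except OSError:
        return "no-answer"


if __name__ == "__main__":
    # Address and interface taken from the example earlier in the thread.
    src = "rpcap://172.22.1.1/eth2"
    print(parse_rpcap_source(src), probe_rpcap(src))
```

A result of 'reset' corresponds to the behaviour described in the post above: the SYN reached the device, but nothing accepted the connection on that port.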

Wireshark is supported in 5.x

OK, that's a clear statement, not according to the documentation, but that's fine:

http://www.cisco.com/en/US/docs/wireless/controller/5.0/command/reference/cli5c1.html#wp2465366

This means only Omnipeek is supported?

Regards

Thomas

Try this link:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html

"Wireshark sniffer support-The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems. In previous controller software releases, only the following packet analyzers are supported: Wildpackets Omnipeek and Airopeek and the AirMagnet Enterprise Analyzer. In controller software release 5.0.148.0, the Wireshark packet analyzer is also supported."

Per your link...

"config: Configure parameters.
ap: Configure access point.
sniff: Sniffer command.
802.11b {enable | disable}: Enable or disable sniffing.
channel: Channel to be sniffed.
server_IP_address: The IP address of the remote machine running Omnipeek, Airopeek, AirMagnet, or Wireshark
Cisco_AP: Access point configured as the sniffer."
