04-30-2008 01:05 AM - edited 07-03-2021 03:47 PM
Dear,
we have installed a WLC 4402 with about 50 AP1131AG. This works all fine. Now I changed one AP's role to sniffer, and I like to use wireshark for the capturing, but I struggle with the syntax of rpcap adapter command. Can someone help me with this?
Regards
Thomas
04-30-2008 05:31 AM
rpcap://17.2.1.1/eth2
â¢The capture interface can be specified either in the capture dialog box or via the -i option at the command line when invoking Ethereal.
ethereal -i rpcap://
For example:
ethereal -i rpcap://172.22.1.1/eth2.
This url is helpful:
ftp://ftp.wiretapped.net/disk1/security/packet-capture/winpcap/docs/docs31/html/group__remote.html
This is from ethereal (now wireshark)
http://winpcap.mirror.ethereal.com/301a/docs/group__remote__source__string.html
A Cisco example:
You will still have to define your filters in wireshark of course
04-30-2008 05:34 AM
Here is the syntax from the controller:
This is on 4.2.112.0, thus the aeropeek ref
>config ap sniff 802.11b enable ?
(South_A) >config ap sniff 802.11b enable 11 ?
(South_A) >config ap sniff 802.11b enable 11
05-05-2008 06:21 AM
I did all this configs, but I use the wireshark and not Airopeek..., today I was capturing the communication between the wireshark and the access-point. The access-point is sending after a TCP-Syn to port 2002 a TCP-reset.
Regards
Thomas
05-05-2008 06:27 AM
Wireshark is supported in 5.x
05-05-2008 06:34 AM
OK, thats a clear statment, not according to the dokumenttation, but thats fine:
http://www.cisco.com/en/US/docs/wireless/controller/5.0/command/reference/cli5c1.html#wp2465366
This means only Omipeek is supported?
Regards
Thomas
05-05-2008 06:45 AM
Try this link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html
"Wireshark sniffer support-The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems. In previous controller software releases, only the following packet analyzers are supported: Wildpackets Omnipeek and Airopeek and the AirMagnet Enterprise Analyzer. In controller software release 5.0.148.0, the Wireshark packet analyzer is also supported."
Per your link...
"config
Configure parameters.
ap
Configure access point.
sniff
Sniffer command.
802.11b {enable | disable}
Enable or disable sniffing.
channel
Channel to be sniffed.
server_IP_address
The IP address of the remote machine running Omnipeek, Airopeek,
AirMagnet, or Wireshark
Cisco_AP
Access point configured as the sniffer.
"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide