cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
730
Views
0
Helpful
3
Replies
Heinz Kern
Beginner

Report for all probe requests of certain access points

Hello,

i´m wondering if there is a possibility to generate a report for all probe requests of clients coming from certain access points.

 

background is the detection of criminal activities. what i need to find is the MAC of all clients which were active at a specific time. 

 

any idea how i could gather this?

 

br + thx

1 ACCEPTED SOLUTION

Accepted Solutions

Honestly I would completely drop this idea, as it simply will very soon not anymore be usable.



I found this: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01111010.html

But with this they only land at the WLC. I think you can't extract them without a CMX, not sure though.


View solution in original post

3 REPLIES 3
patoberli
VIP Advisor

The WLC doesn't keep that information for very long, or not at all. It can probably send them to a CMX server. There you could then use it for marketing purposes, but in the end those aren't much different from what you want to achieve. 

You are better off with real wireless sniffers though.

 

The main problem you'll have though, all those clients (mobile phones and now also laptops) have started to use random mac addresses for those packets, which can't be traced back to the real hardware mac address, to thwart this marketing "abuse" and tracking. So this mac address collection is no viable way of tracking the users anymore. 
It's different if they are actually connected to your SSID, then they typically keep their mac address. At least Android devices do, Apple started to randomize it every 24 hours since iOS 14 I think.  

thanks for the feedback, it is great. especialy the point with the random MAC is very important to understand on which level we could provide information. 

 

for the logs: do i see them anywhere: could thy be forwarded via syslog?

Honestly I would completely drop this idea, as it simply will very soon not anymore be usable.



I found this: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01111010.html

But with this they only land at the WLC. I think you can't extract them without a CMX, not sure though.


View solution in original post

Create
Recognize Your Peers
Content for Community-Ad