Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
0
Helpful
3
Replies

Report for all probe requests of certain access points

Go to solution
Heinz Kern
Level 1
Level 1

‎11-19-2020 12:26 AM - edited ‎07-05-2021 12:48 PM

Hello,

i´m wondering if there is a possibility to generate a report for all probe requests of clients coming from certain access points.

 

background is the detection of criminal activities. what i need to find is the MAC of all clients which were active at a specific time. 

 

any idea how i could gather this?

 

br + thx

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to Heinz Kern

‎11-20-2020 02:53 AM

Honestly I would completely drop this idea, as it simply will very soon not anymore be usable.



I found this: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01111010.html

But with this they only land at the WLC. I think you can't extract them without a CMX, not sure though.


View solution in original post

0 Helpful
3 Replies 3

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎11-20-2020 01:43 AM

The WLC doesn't keep that information for very long, or not at all. It can probably send them to a CMX server. There you could then use it for marketing purposes, but in the end those aren't much different from what you want to achieve. 

You are better off with real wireless sniffers though.

 

The main problem you'll have though, all those clients (mobile phones and now also laptops) have started to use random mac addresses for those packets, which can't be traced back to the real hardware mac address, to thwart this marketing "abuse" and tracking. So this mac address collection is no viable way of tracking the users anymore. 
It's different if they are actually connected to your SSID, then they typically keep their mac address. At least Android devices do, Apple started to randomize it every 24 hours since iOS 14 I think.  

0 Helpful

Go to solution
Heinz Kern
Level 1
Level 1
In response to patoberli

‎11-20-2020 02:16 AM

thanks for the feedback, it is great. especialy the point with the random MAC is very important to understand on which level we could provide information. 

 

for the logs: do i see them anywhere: could thy be forwarded via syslog?

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to Heinz Kern

‎11-20-2020 02:53 AM

Honestly I would completely drop this idea, as it simply will very soon not anymore be usable.



I found this: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01111010.html

But with this they only land at the WLC. I think you can't extract them without a CMX, not sure though.


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card