12-10-2013 03:10 AM - edited 07-04-2021 01:23 AM
Hello everybody. Im now trouble shooting a wireless problem. So i wannt to sniff the traffic from the device.
what ive done so far:
-set up a AP in sniffing mode
-redirected the traffic to my client.
-sniffing the traffic
i cann see the traffig on wireshark. but i cannot see the payload.
i should see the DHCP request and so on. but i cannot see this informations in wireshark.
all i see is source mac (my device) destination mac - broadcast.
i did it just like the how to told me to:
https://supportforums.cisco.com/docs/DOC-19214
what am i missing?
Thank You
Chris
12-10-2013 02:29 PM
If you have any type of encryption used on the SSID, you won't see the payload as it's encrypted. You'll only see up to layer 2 (i.e. the WLAN headers)
If you have a PSK, it would be possible to put this in to Wireshark and decrypt the payload, but if you're using 802.1x, you cannot decrypt, as the encryption keys change constantly.
HTH.
Sent from Cisco Technical Support iPad App
12-11-2013 01:10 AM
Hello
Thank you for your answer!
but there is no encryption used. its a guest WLAN.
so this should not be the problem.
12-11-2013 04:53 AM
Chris,
The only other thing I can think of is that the frames are getting truncated somewhere.
Maybe you have sort of frame slicing configured in Wireshark to keep the capture size down?
Nigel.
Sent from Cisco Technical Support iPad App
12-11-2013 08:04 AM
Hello Nigel
thank you. i made some other misstakes. everything solved.
BUT now i have the problem, that i have the Data in wireshark.. but not ina huma readable state.
do you know how to change this?
12-12-2013 05:49 AM
What are you using as the decoder for the frames? Are you using the AIROPEEK transport protocol?
Sent from Cisco Technical Support Android App
12-12-2013 06:05 AM
in Wireshark its called PEEKREMOTE. they changed it with the newer releases.
so yes. i decode with that
12-12-2013 06:12 AM
That's right thank you. Any luck with the payload? Its been a while since I tried this.
Sent from Cisco Technical Support Android App
12-12-2013 06:53 AM
I managed to get one going here. Is the sniffer mode AP close enough to clients connecting to nearby APs, and are you sniffing on the same channel as a nearby AP?
Sent from Cisco Technical Support Android App
12-12-2013 06:57 AM
yes. like e mentioned before, we see traffic. but the Data is not readable for us.
the goal is to sniff the WISPr Requests and hopefully the Response from IOS 7 Devices.
so i need to see the Data. an as far as i know this should be plain text.
12-12-2013 07:08 AM
Ok thanks. Interesting, so this wouldn't be anything the controller would see in a client debug. Did you see this link on the WISPr urls used in ios7? http://www.cadincweb.com/why-your-apple-ios-7-device-wont-connect-to-the-wifi-network
12-12-2013 07:27 AM
yes i saw that link and must tell that it is incorect. with IOS 7 Apple has now 200+ URLs for WISPr.
All i wanna see is if there is a WISPr Request and hopefully a answer and where is the answer from.
12-19-2013 07:13 AM
you can sniff the client connecting AP port using wireshark.
01-22-2014 05:54 AM
I seem to be seeing the same issue ; seeing sniffed mcast/broadcast packets from wireless clients - no unicast.
WLC is running 7.5.10.12 using (2) 3602s, 1 AP inFlexC mode, the other in sniffer mode.
I've tried using both 5G and 2.4G radios, making sure both clients and both APs are all matched.
I even used dropped that to only 2.4 and the available RF rates to max of 11M - the behavior never changes.
Using wireshark 1.10.5
Decoding packets as PEEKREMOTE.
Have set unset CAPWAP/LWWAP "swap control bit" - no difference
Enabled disabled CAPWAP "Cisco wireless controller support" - no difference
Perhaps a wireshark dissector issue? I'm seeing many/larger frames in these captures all decoded as:
IEEE 802.11 Unrecognized (Reserved frame), Flags: .........
Type/Subtype: Unknown (0x36)
Frame Control Field: 0x6c00
Curious if others with similar setup have this working correctly or not - ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide