AP1131AG, WLC44002 and remote capture

Apr 30th, 2008

Dear,

We have installed a WLC 4402 with about 50 AP1131AG. This all works fine. Now I changed one AP's role to sniffer, and I would like to use Wireshark for the capturing, but I struggle with the syntax of the rpcap adapter command. Can someone help me with this?

Regards

Thomas

ericgarnel Wed, 04/30/2008 - 05:31

rpcap://17.2.1.1/eth2

The capture interface can be specified either in the capture dialog box or via the -i option at the command line when invoking Ethereal.

ethereal -i rpcap://[:]/

For example:

ethereal -i rpcap://172.22.1.1/eth2.

This url is helpful:

ftp://ftp.wiretapped.net/disk1/security/packet-capture/winpcap/docs/docs31/html/group__remote.html

This is from ethereal (now wireshark)

http://winpcap.mirror.ethereal.com/301a/docs/group__remote__source__string.html

A Cisco example:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_1_x/1_0_2a/san-os/configuration/guide/Advanced.html

You will still have to define your filters in Wireshark, of course.

ericgarnel Wed, 04/30/2008 - 05:34

Here is the syntax from the controller:

This is on 4.2.112.0, thus the Airopeek ref

>config ap sniff 802.11b enable ?

Enter a valid 802.11b/g channel to be sniffed

(South_A) >config ap sniff 802.11b enable 11 ?

Enter Sniffer server (remote Airopeek) IP address.

(South_A) >config ap sniff 802.11b enable 11

tvolk Mon, 05/05/2008 - 06:21

I did all these configs, but I use Wireshark and not Airopeek. Today I was capturing the communication between Wireshark and the access point. After a TCP SYN to port 2002, the access point sends a TCP reset.

Regards

Thomas
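
Added example, not part of the thread and not Cisco or Wireshark code: a Python check that parses the rpcap://host[:port]/interface source string discussed above and makes one TCP connect to its port, reporting whether the port is open, refused (the reset described in the post above) or unanswered. The function names are hypothetical; 2002 is the default rpcapd port.

```python
import socket
from urllib.parse import urlsplit

RPCAP_DEFAULT_PORT = 2002  # default rpcapd port; the port named in the thread


def parse_rpcap(source):
    """Split rpcap://host[:port]/interface into (host, port, interface)."""
    parts = urlsplit(source)  # raises ValueError on a malformed [host]
    if parts.scheme != "rpcap":
        raise ValueError("not an rpcap:// source: %r" % source)
    iface = parts.path.lstrip("/")
    if not parts.hostname or not iface:
        raise ValueError("need both host and interface: %r" % source)
    # parts.port raises ValueError for a non-numeric or out-of-range port
    return parts.hostname, parts.port or RPCAP_DEFAULT_PORT, iface


def probe(host, port, timeout=3.0):
    """One TCP connect: 'open', 'refused' (a reset came back) or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, unreachable host, name resolution failure
        return "no-answer"


def check_source(source, timeout=3.0):
    """Parse the source string, then report the state of its TCP port."""
    host, port, iface = parse_rpcap(source)
    return {"host": host, "port": port, "interface": iface,
            "state": probe(host, port, timeout)}


if __name__ == "__main__":
    import sys
    # Usage: python check_rpcap.py rpcap://172.22.1.1/eth2
    for src in sys.argv[1:]:
        print(src, check_source(src))
```

A "refused" result means the host answered but no service is listening on that port, so no capture tool can open the rpcap source there.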

ericgarnel Mon, 05/05/2008 - 06:45

Try this link:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html

"Wireshark sniffer support-The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems. In previous controller software releases, only the following packet analyzers are supported: Wildpackets Omnipeek and Airopeek and the AirMagnet Enterprise Analyzer. In controller software release 5.0.148.0, the Wireshark packet analyzer is also supported."

Per your link...

"
config                       Configure parameters.
ap                           Configure access point.
sniff                        Sniffer command.
802.11b {enable | disable}   Enable or disable sniffing.
channel                      Channel to be sniffed.
server_IP_address            The IP address of the remote machine running Omnipeek, Airopeek, AirMagnet, or Wireshark
Cisco_AP                     Access point configured as the sniffer.
"
