AP1131AG, WLC44002 and remote capture

Unanswered Question
Apr 30th, 2008

Dear,


We have installed a WLC 4402 with about 50 AP1131AG. This all works fine. Now I changed one AP's role to sniffer, and I would like to use Wireshark for the capturing, but I struggle with the syntax of the rpcap adapter command. Can someone help me with this?


Regards

Thomas


ericgarnel Wed, 04/30/2008 - 05:31

rpcap://17.2.1.1/eth2



• The capture interface can be specified either in the capture dialog box or via the -i option at the command line when invoking Ethereal.


ethereal -i rpcap://[:]/



For example:


ethereal -i rpcap://172.22.1.1/eth2.





This url is helpful:

ftp://ftp.wiretapped.net/disk1/security/packet-capture/winpcap/docs/docs31/html/group__remote.html


This is from ethereal (now wireshark)

http://winpcap.mirror.ethereal.com/301a/docs/group__remote__source__string.html


A Cisco example:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_1_x/1_0_2a/san-os/configuration/guide/Advanced.html


You will still have to define your filters in wireshark of course

ericgarnel Wed, 04/30/2008 - 05:34

Here is the syntax from the controller:

This is on 4.2.112.0, thus the Airopeek ref


>config ap sniff 802.11b enable ?


Enter a valid 802.11b/g channel to be sniffed


(South_A) >config ap sniff 802.11b enable 11 ?


Enter Sniffer server (remote Airopeek) IP address.


(South_A) >config ap sniff 802.11b enable 11


tvolk Mon, 05/05/2008 - 06:21

I did all these configs, but I use Wireshark and not Airopeek. Today I was capturing the communication between Wireshark and the access point. After a TCP SYN to port 2002, the access point sends a TCP reset.


Regards

Thomas
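
Added example, not part of the original thread and not Wireshark or Cisco code: a Python check that parses an rpcap:// source string of the form used above and classifies the TCP handshake to its port, so a reset like the one described in the previous post can be told apart from an open or filtered port. The function names are hypothetical, and falling back to port 2002 (the rpcapd default, and the port named in the post) when the string gives none is this example's choice.

```python
import socket
import sys
from urllib.parse import urlsplit

RPCAP_DEFAULT_PORT = 2002  # rpcapd default port; also the port named in the post


def parse_rpcap_source(source):
    """Split rpcap://host[:port]/interface into (host, port, interface)."""
    parts = urlsplit(source)
    if parts.scheme != "rpcap":
        raise ValueError("not an rpcap:// source string: %r" % source)
    if not parts.hostname:
        raise ValueError("missing host in %r" % source)
    interface = parts.path.lstrip("/")
    if not interface:
        raise ValueError("missing interface name in %r" % source)
    # parts.port is None when no port is given, so use the default
    return parts.hostname, parts.port or RPCAP_DEFAULT_PORT, interface


def probe_rpcap(source, timeout=3.0):
    """Classify the TCP handshake to the host and port named in `source`.

    "open"    - the connection was accepted, something is listening
    "reset"   - the SYN was answered with a RST (connection refused),
                typically a reachable host with no listener on that port
    "timeout" - no answer at all (filtered port or host down)
    """
    host, port, _interface = parse_rpcap_source(source)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "reset"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    # Usage: python rpcap_probe.py rpcap://<host>[:<port>]/<interface>
    src = sys.argv[1]
    print(parse_rpcap_source(src), "->", probe_rpcap(src))
```
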


ericgarnel Mon, 05/05/2008 - 06:27

Wireshark is supported in 5.x

ericgarnel Mon, 05/05/2008 - 06:45

Try this link:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html


"Wireshark sniffer support-The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems. In previous controller software releases, only the following packet analyzers are supported: Wildpackets Omnipeek and Airopeek and the AirMagnet Enterprise Analyzer. In controller software release 5.0.148.0, the Wireshark packet analyzer is also supported."



Per your link...

"config: Configure parameters.
ap: Configure access point.
sniff: Sniffer command.
802.11b {enable | disable}: Enable or disable sniffing.
channel: Channel to be sniffed.
server_IP_address: The IP address of the remote machine running Omnipeek, Airopeek, AirMagnet, or Wireshark
Cisco_AP: Access point configured as the sniffer.
"
