How do you Sniff with a lightweight?

Unanswered Question
Nov 5th, 2009

Okay I set a LAP-1242 out in the wild in "Sniffer" mode.

What I can't figure out is how do I get to the actual data it is sniffing. Does it save it in WCS as a log or something?


You can use it without the wIPS. If you set an AP to be in sniffer mode, it will ask you to reboot the AP. After it reboots, if you go to that AP's interface configuration page (a or b/g), there is a checkbox that says 'Sniff' and after it is checked it lets you pick a channel to sniff on, and an IP address of a host to send the wireless capture to.

If you enter the IP address of some host on the network (wired or wireless) that has a sniffing program (Omnipeek, Wireshark, etc.) running on it, you should get the captures on that PC.

Does this help at all?

MICHAEL SCHROEDER Fri, 11/06/2009 - 06:44

Don't forget to decode UDP port 5555 as "AiroPeek" in the Wireshark Decode Options, so you can read the frames in clear. Regards, Michael

MICHAEL SCHROEDER Mon, 11/09/2009 - 08:05

Hi Scott, I think that there was a post before mine that has been removed, why ever... If you had changed AP Mode to Sniffer and it has rebooted, you can define on which channel the AP has to sniff and to which IP the packets should be streamed. All unnecessary headers will be removed. The stream is encapsulated in UDP SRC 5555 DST 5000. Open Wireshark and trace your NIC. Filter and drop the ICMP unreachables. Mark one frame with UDP SRC 5555, click right mouse, "Decode As..." -> AiroPeek, et voilà, all packets from the sniffer AP are 802.11 in clear. Regards, Michael
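The triage step from the last reply (isolate the UDP 5555 to 5000 stream and set aside the ICMP unreachables), as an added example that is not part of the original thread. It reads a classic pcap saved on the capture host and counts both kinds of packet per sender, which also shows whether anything other than the expected AP is streaming to that host. The addresses and payload bytes in the sample are constructed, and the encapsulated payload is left undecoded for Wireshark.

```python
import struct
SNIFFER_PORTS = (5555, 5000)  # UDP src, dst as quoted in the thread

def classify(frame):
    """('sniffer', src_ip, payload) / ('icmp-unreach', src_ip, b'') / None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                        # not IPv4 over Ethernet II
    proto, src = frame[23], ".".join(map(str, frame[26:30]))
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]   # skip IPv4 header (IHL words)
    if proto == 17 and len(l4) >= 8:       # UDP
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        if (sport, dport) == SNIFFER_PORTS:
            return ("sniffer", src, l4[8:ulen])
    if proto == 1 and l4[:2] == b"\x03\x03":   # ICMP type 3 code 3
        return ("icmp-unreach", src, b"")
    return None

def read_pcap(data):
    """Yield frames from a classic little-endian pcap byte string."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap")
    off = 24                               # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def summarize(pcap):
    """Count matching packets per sender IP for each class."""
    out = {"sniffer": {}, "icmp-unreach": {}}
    for frame in read_pcap(pcap):
        hit = classify(frame)
        if hit:
            out[hit[0]][hit[1]] = out[hit[0]].get(hit[1], 0) + 1
    return out

def _frame(src, dst, proto, l4):  # builder for the constructed sample below
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4
def _udp(sport, dport, body):
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body
AP, HOST = (10, 0, 0, 50), (10, 0, 0, 10)  # constructed addresses
FRAMES = [_frame(AP, HOST, 17, _udp(5555, 5000, b"\xaa" * 40)),
          _frame(HOST, AP, 1, b"\x03\x03" + b"\x00" * 6),
          _frame(AP, HOST, 17, _udp(5555, 5000, b"\xbb" * 24)),
          _frame(HOST, AP, 17, _udp(40000, 53, b"q"))]
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) +
          b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES))
```

Call `summarize(open(path, "rb").read())` on a capture saved in classic pcap format; a pcapng file needs converting first.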

