Cisco Support Community
New Member

How do you Sniff with a lightweight?

Okay I set a LAP-1242 out in the wild in "Sniffer" mode.

What I can't figure out is how do I get to the actual data it is sniffing. Does it save it in WCS as a log or something?

5 REPLIES

Re: How do you Sniff with a lightweight?

Typically the sniffer is used with the wIPS module that is on the MSE appliance you can add to your WCS.

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/wipsdep.html

New Member

Re: How do you Sniff with a lightweight?

And if I don't have that, I can't use it?

New Member

Re: How do you Sniff with a lightweight?

You can use it without the wIPS. If you set an AP to be in sniffer mode, it will ask you to reboot the AP. After it reboots, if you go to that AP's interface configuration page (a or b/g), there is a checkbox that says 'Sniff', and after it is checked it lets you pick a channel to sniff on and an IP address of a host to send the wireless capture to.

If you enter the IP address of some host on the network (wired or wireless) that has a sniffing program (Omnipeek, Wireshark, etc.) running on it, you should get the captures on that PC.

Does this help at all?

New Member

Re: How do you Sniff with a lightweight?

Don't forget to decode UDP port 5555 as "AiroPeek" in the Wireshark Decode options, so you can read the frames in clear. Regards, Michael

New Member

Re: How do you Sniff with a lightweight?

Hi Scott, I think that there was a post before mine that has been removed, why ever... If you had changed AP mode to Sniffer and it has rebooted, you can define on which channel the AP has to sniff and to which IP the packets should be streamed. All unnecessary headers will be removed. The stream is encapsulated in UDP SRC 5555 DST 5000. Open Wireshark and trace your NIC. Filter and drop the ICMP unreachables. Mark one frame with UDP SRC 5555, click right mouse, "Decode As..." -> AiroPeek, et voilà, all packets from the sniffer AP are 802.11 in clear. Regards, Michael
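The filtering step described in the reply above can be checked offline. The following is an added example, not code from the thread or from Cisco: it labels raw IPv4 packets as the sniffer stream (UDP 5555 to 5000) or as the ICMP port unreachables that quote it, which a host normally sends when nothing is listening on the destination UDP port. The function names, the sample addresses and the sample packets are constructed for illustration, and link-layer headers are assumed to be already stripped.

```python
import struct

SNIFFER_SRC, CAPTURE_DST = 5555, 5000  # UDP ports quoted in the thread

def split_ipv4(pkt):
    """Return (protocol, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return (pkt[9], pkt[ihl:]) if 20 <= ihl <= len(pkt) else None

def is_sniffer_udp(proto, payload):
    """True for a UDP header with source port 5555 and destination port 5000."""
    if proto != 17 or len(payload) < 8:
        return False
    sport, dport = struct.unpack("!HH", payload[:4])
    return (sport, dport) == (SNIFFER_SRC, CAPTURE_DST)

def classify(pkt):
    """Label one raw IPv4 packet seen on the capture host's NIC."""
    parsed = split_ipv4(pkt)
    if parsed is None:
        return "other"
    proto, payload = parsed
    if is_sniffer_udp(proto, payload):
        return "sniffer-stream"              # the frames to "Decode As..."
    # ICMP type 3, code 3 is port unreachable; bytes 8.. quote the original datagram
    if proto == 1 and len(payload) >= 8 and payload[0] == 3 and payload[1] == 3:
        inner = split_ipv4(payload[8:])
        if inner and is_sniffer_udp(*inner):
            return "unreachable-for-stream"  # noise caused by the stream itself
    return "other"

# --- constructed sample packets (RFC 5737 documentation addresses) ---
def ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes(src), bytes(dst))  # checksum left at 0
    return hdr + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

AP, HOST = (192, 0, 2, 10), (192, 0, 2, 50)  # hypothetical AP and capture host
stream = ipv4(17, AP, HOST, udp(5555, 5000, b"\x00" * 32))
unreach = ipv4(1, HOST, AP, struct.pack("!BBHI", 3, 3, 0, 0) + stream[:28])
dns = ipv4(17, HOST, AP, udp(40000, 53))

if __name__ == "__main__":
    print([classify(p) for p in (stream, unreach, dns)])
```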
