There's the sniffing option in the APs modes. After enabling it, rebooting the AP and adjusting the sniffed channel and destination, the controller sends packets to UDP/5000 with the destination address of the configured destination.
So far so good.
What capturing tool is used to decode the UDP packets as 802.11 packets. I guess, that the UDP payload is the original 802.11 packet.
So has anyone done something like that before? The documentation is very poor on that topic.
The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems.
Thanks, but how to configure wireless sniffing is crystal clear. That wasn't my question after all. How do I enable Wireshark to capture/interprete that traffic. And I doesn't talk about capturing UDP Packets from the controller with the 802.11 packet as UDP-payload.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...