Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

WLC remote capturing (SNIFF MODE)

Hi Board,

There's the sniffing option in the APs modes. After enabling it, rebooting the AP and adjusting the sniffed channel and destination, the controller sends packets to UDP/5000 with the destination address of the configured destination.

So far so good.

What capturing tool is used to decode the UDP packets as 802.11 packets. I guess, that the UDP payload is the original 802.11 packet.

So has anyone done something like that before? The documentation is very poor on that topic.

Oh - I'm using some 4.2 Version :-)

Thanks in advance! Wbr



Re: WLC remote capturing (SNIFF MODE)

The controller enables you to configure an access point as a network "sniffer," which captures and forwards all the packets on a particular channel to a remote machine that runs packet analyzer software. These packets contain information on timestamp, signal strength, packet size, and so on. Sniffers allow you to monitor and record network activity and to detect problems.

Configuring Wireless Sniffing:

Re: WLC remote capturing (SNIFF MODE)

Thanks, but how to configure wireless sniffing is crystal clear. That wasn't my question after all. How do I enable Wireshark to capture/interprete that traffic. And I doesn't talk about capturing UDP Packets from the controller with the 802.11 packet as UDP-payload.

CreatePlease login to create content