Administration
Packet Capture
Cisco Small Business WAP551 and WAP561 Wireless-N Access Point
60
3
not portrange 58000-58004
Due to performance and security issues, the packet capture mode is not saved in NVRAM on
the WAP device; if the WAP device resets, the capture mode is disabled and then you must
reenable it to resume capturing traffic. Packet capture parameters (other than mode) are saved
in NVRAM.
Enabling the packet capture feature can create a security issue: Unauthorized clients may be
able to connect to the WAP device and trace user data. The performance of the WAP device
also is negatively impacted during packet capture, and this impact continues to a lesser extent
even when there is no active Wireshark session. To minimize the performance impact on the
WAP device during traffic capture, install capture filters to limit which traffic is sent to the
Wireshark tool. When capturing 802.11 traffic, a large portion of the captured frames tends to
be beacons (typically sent every 100 ms by all APs). Although Wireshark supports a display
filter for beacon frames, it does not support a capture filter to prevent the WAP device from
forwarding captured beacon packets to the Wireshark tool. To reduce the performance impact
of capturing the 802.11 beacons, disable the capture beacons mode.
Packet Capture File Download
Packet Capture File Download
You can download a capture file by TFTP to a configured TFTP server, or by HTTP(S) to a
computer. A capture is automatically stopped when the capture file download command is
triggered.
Because the capture file is located in the RAM file system, it disappears if the WAP device is
reset.
To download a packet capture file using TFTP:
STEP 1
Select Use TFTP to download the capture file.
STEP 2
Enter the TFTP Server Filename to download if different from the default. By default, the
captured packets are stored in the folder file /tmp/apcapture.pcap on the WAP device.
STEP 3
Specify a TFTP Server IPv4 Address in the field provided.
STEP 4
Click Download.
To download a packet capture file using HTTP: