Administration
Packet Capture
Cisco Small Business WAP371 Wireless Access Point Administration Guide
45
3
STEP 3
At Interface, select Remote. A popup window appears.
STEP 4
At Host, enter the IP address of the WAP device.
STEP 5
At Port, enter the port number of the WAP. For example, enter 2002 if you used the default, or
enter the port number if you used a port other than the default.
STEP 6
Click OK.
STEP 7
Select the interface from which you need to capture packets. At the Wireshark popup window,
next to the IP address, there is a pull-down list for you to select the interfaces. The interface
can be one of the following:
Linux bridge interface in the wap device
--rpcap://[192.168.1.220]:2002/brtrunk
Wired LAN interface
-- rpcap://[192.168.1.220]:2002/eth0
VAP0 traffic on radio 1
-- rpcap://[192.168.1.220]:2002/wlan0
802.11 traffic
-- rpcap://[192.168.1.220]:2002/radio1
At WAP371, VAP1 ~ VAP7 traffic for radio 1
-- rpcap://[192.168.1.220]:2002/wlan0vap1 ~ wlan0vap7
At WAP371, VAP1 ~ VAP7 traffic for radio 2
-- rpcap://[192.168.1.220]:2002/wlan1vap1 ~ wlan1vap7
You can trace up to four interfaces on the WAP device at the same time. However, you must
start a separate Wireshark session for each interface. To initiate additional remote capture
sessions, repeat the Wireshark configuration steps; no configuration needs to be done on the
WAP device.
NOTE
The system uses four consecutive port numbers, starting with the configured port for the remote
packet capture sessions. Verify that you have four consecutive port numbers available. We
recommend that if you do not use the default port, use a port number greater than 1024.
When you are capturing traffic on the radio interface, you can disable beacon capture, but
other 802.11 control frames are still sent to Wireshark. You can set up a display filter to show
only:
•
Data frames in the trace
•
Traffic on specific Basic Service Set IDs (BSSIDs)
•
Traffic between two clients
Some examples of useful display filters are:
•
Exclude beacons and ACK/RTS/CTS frames:
!(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1)