Displaying Remote Traffic Monitoring Statistics; Preparing An Observer And Capturing Traffic - Nortel 2300 Series Configuration Manual


594 Appendix A: Troubleshooting a WS Switch

Displaying Remote Traffic Monitoring Statistics

The AP collects statistics for packets that match the enabled snoop filters mapped to its radios. The AP retains statistics
for a snoop filter until the filter is changed or disabled. The AP then clears the statistics.
To display statistics for packets matching a snoop filter, use the following command:
show snoop stats [filter-name [dap-num [radio {1 | 2}]]]
The following command shows statistics for snoop filter snoop1:
23x0# show snoop stats snoop1
Filter          Dap Radio    Rx Match    Tx Match    Dropped    Stop-After
===============================================================================
snoop1            3     1          96           4          0       stopped

Preparing an Observer and Capturing Traffic

To observe monitored traffic, install the following applications on the observer:
Ethereal or Tethereal Version 0.10.8 or later
Netcat (any version), if not already installed
Ethereal and Tethereal decode 802.11 packets embedded in TZSP without any configuration.
Use Netcat to listen to UDP packets on the TZSP port. This avoids a constant flow of ICMP destination unreachable
messages from the observer back to the radio. You can obtain Netcat through the following link:
http://www.securityfocus.com/tools/139/scoreit
If the observer is a PC, you can use a Tcl script instead of Netcat if preferred.
1. Install the required software on the observer.
2. Configure and map snoop filters in WSS Software.
3. Start Netcat, using a command such as the following:
   nc -l -u -p 37008 ip-addr > /dev/null &
   Where ip-addr is the IP address of the Distributed AP to which the snoop filter is mapped. (To display the
   Distributed AP's IP address, use the show dap status command.)
4. Start the capture application:
   For Ethereal capture, use ethereal filter port 37008.
   For Tethereal capture, use tethereal -V port 37008.
5. Disable the option to decrypt 802.11 payloads. Because the AP always decrypts the data before sending it
   to the observer, the observer does not need to perform any decryption. In fact, if you leave decryption
   enabled on the observer, the payload data becomes unreadable.
   To disable the decryption option in Ethereal:
   a. In the decode window, right-click on the IEEE 802.11 line.
   b. Select Protocol Preferences to display the 802.11 Protocol Preferences dialog.
   c. Click next to Ignore the WEP bit to deselect the option. This option is applicable for any type of
      data encryption used by AP radios.
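
The observer side of this procedure, as an added example that is not part of the Nortel manual: a Python listener that can stand in for Netcat in step 3 by holding UDP port 37008 open, accepting datagrams only from the mapped Distributed AP, and splitting each TZSP datagram into its tagged fields and the embedded frame. The TZSP layout used (4-byte header, then a tag list closed by an END tag) is the publicly documented one and is an assumption here, since the manual does not describe it; the function names and the sample bytes are constructed for illustration.

```python
import socket
import struct
import sys

TZSP_PORT = 37008  # UDP port used in the procedure above
ENCAPS = {0x01: "Ethernet", 0x12: "IEEE 802.11", 0x77: "Prism", 0x7F: "WLAN AVS"}
TAG_PADDING, TAG_END = 0x00, 0x01
# Constructed sample: header, tag 0x12 (RX channel) = 6, padding, END, 24-byte frame.
SAMPLE = bytes.fromhex("01000012" "120106" "00" "01") + b"\x08\x02" + bytes(22)

def parse_tzsp(datagram):
    """Split a packet-carrying TZSP datagram into header, tags and inner frame."""
    if len(datagram) < 4 or datagram[0] != 1:
        raise ValueError("not a TZSP version 1 datagram")
    _version, msg_type, encap = struct.unpack("!BBH", datagram[:4])
    tags, pos, end = {}, 4, len(datagram)
    while pos < end:
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:  # everything after END is the captured frame
            return {"type": msg_type, "encap": ENCAPS.get(encap, hex(encap)),
                    "tags": tags, "frame": datagram[pos:]}
        if tag == TAG_PADDING:  # padding is a lone byte with no length
            continue
        if pos >= end or pos + 1 + datagram[pos] > end:
            raise ValueError("tagged field runs past the datagram")
        length = datagram[pos]
        tags[tag] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    raise ValueError("tag list not terminated by an END tag")

def listen(ap_addr, bind_addr="0.0.0.0"):
    """Hold the TZSP port open as Netcat does, reporting frames from one AP only."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, TZSP_PORT))
    while True:
        data, (src, _port) = sock.recvfrom(65535)
        if src != ap_addr:  # drop datagrams not sent by the mapped AP
            continue
        try:
            pkt = parse_tzsp(data)
        except ValueError as err:
            print("malformed TZSP from %s: %s" % (src, err))
            continue
        print(pkt["encap"], len(pkt["frame"]), "bytes, tags", sorted(pkt["tags"]))

if __name__ == "__main__":
    listen(sys.argv[1])  # argument: IP address of the Distributed AP
```

Because the AP decrypts the 802.11 payload before forwarding it, the frames this listener receives are cleartext; binding `bind_addr` to the observer's management interface instead of all interfaces limits where that traffic is accepted.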
320657-A