Remote Packet Capture - Cisco WAP571 Administration Manual

Administration
Packet Capture
STEP 1
STEP 2
STEP 3
STEP 4
STEP 5
STEP 6
Cisco WAP571/E Administration Guide

Remote Packet Capture

The Remote Packet Capture feature enables you to specify a remote port as the
destination for packet captures. This feature works in conjunction with the
Wireshark network analyzer tool for Windows. A packet capture server runs on the
WAP device and sends the captured packets through a TCP connection to the
Wireshark tool. Wireshark is an open source tool and is available for free; it can be
downloaded from http://www.wireshark.org.
A Microsoft Windows computer running the Wireshark tool allows you to display,
log, and analyze captured traffic. The remote packet capture facility is a standard
feature of the Wireshark tool for Windows. Linux version does not work with the
WAP device.
When remote capture mode is in use, the WAP device does not store any captured
data locally in its file system.
If a firewall is installed between the Wireshark computer and the WAP device, the
traffic for these ports must be allowed to pass through the firewall. The firewall
must also be configured to allow the Wireshark computer to initiate a TCP
connection to the WAP device.
To initiate a remote capture on a WAP device:
Select Administration > Packet Capture.
Enable Promiscuous Capture.
For the Packet Capture Method, select Remote.
For the Remote Capture Port, use the default port (2002), or if you are using a
port other than the default, enter the desired port number used for connecting
Wireshark to the WAP device. The port range is from 1025 to 65530.
If you want to save the settings for use at another time, click Save.
Click Start Capture.
To initiate the Wireshark network analyzer tool for Microsoft Windows:
3
58