Linksys LAPAC1750PRO User Manual page 119

LAPAC1750PRO Access Point Software User Manual
Table 77: Packet File Capture

Field: Capture Interface
Description: Select an AP capture interface name from the drop-down menu. The AP capture interface names that are eligible for packet capture are the following:
brtrunk - Linux bridge interface in the AP
eth0 - 802.3 traffic on the Ethernet port
wlan0 - VAP0 traffic on radio 1
wlan0wds0 ~ wlan0wds3 - Traffic on the specified WDS interface
wlan0vap1 ~ wlan0vap7 - Traffic on the specified VAP on radio 1
wlan1 - VAP0 traffic on radio 2
wlan1vap1 ~ wlan1vap7 - Traffic on the specified VAP on radio 2
radio1 - 802.11 traffic on radio 1
radio2 - 802.11 traffic on radio 2

Field: Capture Duration
Description: Specify the time duration in seconds for the capture (range 10 to 3600).

Field: Max Capture File Size
Description: Specify the maximum allowed size for the capture file in KB (range 64 to 4096).

Remote Packet Capture

Remote Packet Capture allows you to specify a remote port as the destination for packet captures. This feature works in conjunction with the Wireshark network analyzer tool for Windows. A packet capture server runs on the AP and sends the captured packets via a TCP connection to the Wireshark tool.

A Windows PC running the Wireshark tool allows you to display, log, and analyze captured traffic.

When the remote capture mode is in use, the AP doesn't store any captured data locally in its file system.
Section 4: Maintenance of the Access Point
You can trace up to five interfaces on the AP at the same time. However, you must start a separate Wireshark session for each interface. You can configure the IP port number used for connecting Wireshark to the AP. The default port number is 2002. The system uses 5 consecutive port numbers starting with the configured port for the packet capture sessions.

If a firewall is installed between the Wireshark PC and the AP, these ports must be allowed to pass through the firewall. The firewall must also be configured to allow the Wireshark PC to initiate a TCP connection to the AP.

In order to configure Wireshark to use the AP as the source for captured packets, you must specify the remote interface in the Capture Options menu. For example, to capture packets on an AP with IP address 192.168.1.252 on radio 1 using the default IP port, specify the following interface:

rpcap://192.168.1.252/radio1

To capture packets on the Ethernet interface of the AP and VAP0 on radio 1 using IP port 58000, start two Wireshark sessions and specify the following interfaces:

rpcap://192.168.1.252:58000/eth0
rpcap://192.168.1.252:58000/wlan0
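
The following is an added example, not part of the Linksys manual: it validates a capture interface name against Table 77, builds the rpcap:// string for Wireshark, and derives a firewall rule that opens the five capture ports only to the Wireshark PC. The function names, the nftables table and chain (inet filter forward), and the Wireshark PC address 192.168.1.10 are assumptions.

```python
import ipaddress
import re

# Capture interface names listed in Table 77 of the manual.
_IFACE_RE = re.compile(r"(brtrunk|eth0|wlan0wds[0-3]|wlan[01](vap[1-7])?|radio[12])")

DEFAULT_PORT = 2002   # default capture port per the manual
SESSION_PORTS = 5     # the AP uses 5 consecutive ports from the configured one


def port_span(base=DEFAULT_PORT):
    """Return (first, last) TCP port the AP uses for capture sessions."""
    last = base + SESSION_PORTS - 1
    if base < 1 or last > 65535:
        raise ValueError(f"base port {base} leaves no room for {SESSION_PORTS} ports")
    return base, last


def rpcap_url(ap_ip, iface, base=DEFAULT_PORT):
    """Build the interface string entered in Wireshark's Capture Options."""
    ipaddress.IPv4Address(ap_ip)   # raises ValueError on a malformed address
    if not _IFACE_RE.fullmatch(iface):
        raise ValueError(f"{iface!r} is not a capture interface from Table 77")
    port_span(base)
    host = ap_ip if base == DEFAULT_PORT else f"{ap_ip}:{base}"
    return f"rpcap://{host}/{iface}"


def firewall_rule(analyst_ip, ap_ip, base=DEFAULT_PORT):
    """nftables rule letting only the Wireshark PC open TCP sessions to the AP.

    Assumes a table/chain 'inet filter forward' that already accepts
    established/related traffic and drops everything else by default.
    """
    ipaddress.IPv4Address(analyst_ip)
    ipaddress.IPv4Address(ap_ip)
    first, last = port_span(base)
    return (f"nft add rule inet filter forward ip saddr {analyst_ip} "
            f"ip daddr {ap_ip} tcp dport {first}-{last} ct state new accept")


if __name__ == "__main__":
    # Constructed sample: 192.168.1.10 stands in for the Wireshark PC.
    print(rpcap_url("192.168.1.252", "radio1"))
    print(rpcap_url("192.168.1.252", "eth0", 58000))
    print(firewall_rule("192.168.1.10", "192.168.1.252", 58000))
```

Scoping the rule to one source address keeps the AP's capture server from being reachable by every host that can route to the AP.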

When you are capturing traffic on the radio interface, you can disable beacon capture, but other 802.11 control frames are still sent to Wireshark. You can set up a display filter to show only the following:

Data frames in the trace
Traffic on specific BSSIDs
Traffic between two clients

Some examples of useful display filters are:

Exclude beacons and ACK/RTS/CTS frames:
!(wlan.fc.type_subtype == 8 || wlan.fc.type == 1)

Data frames only:
wlan.fc.type == 2

Traffic on a specific BSSID:
wlan.bssid == 00:02:bc:00:17:d0

All traffic to and from a specific client:
wlan.addr == 00:00:e8:4e:5f:8e