Packet Capture File Download; Diagnostic Log - Linksys LAPAC1750PRO User Manual

LAPAC1750PRO Access Point Software User Manual
In remote capture mode, traffic is sent to the PC running Wireshark via one
of the network interfaces Depending on where the Wireshark tool is located
the traffic can be sent on an Ethernet interface or one of the radios In order to
avoid a traffic flood caused by tracing the trace packets, the AP automatically
installs a capture filter to filter out all packets destined to the Wireshark
application For example if the Wireshark IP port is configured to be 58000
then the following capture filter is automatically installed on the AP:
not portrange 58000-58004
Enabling the packet capture feature impacts performance of the AP and can
create a security issue (unauthorized clients may be able to connect to the
AP and trace user data) The AP performance is negatively impacted even if
there is no active Wireshark session with the AP The performance is negatively
impacted to a greater extent when packet capture is in progress
Due to performance and security issues, the packet capture mode is not saved
in NVRAM on the AP; if the AP resets, the capture mode is disabled and then
you must re-enable it in order to resume capturing traffic Packet capture
parameters (other than mode) are saved in NVRAM
In order to minimize performance impact on the AP while traffic capture is in
progress, you should install capture filters to limit which traffic is sent to the
Wireshark tool When capturing 802 11 traffic, a large portion of the captured
frames tends to be beacons (typically sent every 100ms by all Access Points)
Although Wireshark supports a display filter for beacon frames, it does not
support a capture filter to prevent the AP from forwarding captured beacon
packets to the Wireshark tool In order to reduce performance impact of
capturing the 802 11 beacons, you can disable the capture beacons mode
The remote packet capture facility is a standard feature of the Wireshark tool
for Windows
NOTE:
Remote packet capture is not standard on the Linux version of Wireshark;
the Linux version doesn't work with the AP
Wireshark is an open source tool and is available for free; it can be downloaded
from http://www wireshark org
Table 78 describes the fields to configure the packet capture status
Section 4: Maintenance of the Access Point
Table 78: Remote Packet Capture
Field Description
Remote Capture Port Specify the remote port to use as the destination
for packet captures Default port is 2002 (Range
1025 to 65530)

Packet Capture File Download

Packet Capture File Download allows you to download the capture file
by TFTP to a configured TFTP server or by HTTP(S) to a PC TFTP file name
should not contain spaces, <, >, |, \, /, : , (, ), &, ; , #, ? , *, $, % and successive
' ' The captured packets are stored in file /tmp/apcapture pcap on the AP A
capture is automatically stopped when the capture file download command
is triggered
Because the capture file is located in the RAM file system, it disappears if the
AP is reset

Diagnostic Log

The Diagnostic Log page provides a way to gather the diagnostic/
troubleshooting information about the AP beyond what is available through
the Web UI
Table 79 describes the field of diagnostic log
Table 79: Diagnostic Log
Field Description
Download To download the diagnostic information for support, click
Download button
118