Remotely Monitoring Traffic - D-Link DWS-1008 User Manual
Wireless 8 port switch with poe
Hide thumbs
Also See for DWS-1008:
- Cli reference manual (531 pages) ,
- Product manual (502 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
DWS-1008 User's Manual
The show arp command displays the ARP aging timer and ARP entries in the system. To
display ARP information, type the following command:
DWS-1008# show arp
ARP aging time: 1200 seconds
Host
---------------------------------------------------------------------------------------------------------------------
10.8.1.1
10.8.107.1
Remotely Monitoring Traffic
Remote traffic monitoring enables you to snoop wireless traffic, by using a Distributed AP
as a sniffing device. The AP copies the sniffed 802.11 packets and sends the copies to an
observer, which is typically a protocol analyzer such as Ethereal or Tethereal.
How Remote Traffic Monitoring Works
To monitor wireless traffic, an AP radio compares traffic sent or received on the radio to
snoop filters applied to the radio by the network administrator. When an 802.11 packet
matches all conditions in a filter, the AP encapsulates the packet in a Tazmen Sniffer Protocol
(TZSP) packet and sends the packet to the observer host IP addresses specified by the filter.
TZSP uses UDP port 37008 for its transport. (TZSP was created by Chris Waters of Network
Chemistry.)
You can map up to eight snoop filters to a radio. A filter does not become active until you
enable it. Filters and their mappings are persistent and remain in the configuration following
a restart. However, filter state is not persistent. If the switch or the AP is restarted, the filter is
disabled. To continue using the filter, you must enable it again.
Using Snoop Filters on Radios That Use Active Scan
When active scan is enabled in a radio profile, the radios that use the profile actively scan
other channels in addition to the data channel that is currently in use. Active scan operates
on enabled radios and disabled radios. In fact, using a disabled radio as a dedicated scanner
provides better rogue detection because the radio can spend more time scanning on each
channel.
When a radio is scanning other channels, snoop filters that are active on the radio also
snoop traffic on the other channels. To prevent monitoring of data from other channels, use
the channel option when you configure the filter, to specify the channel on which you want
to scan.
All Snooped Traffic Is Sent in the Clear
Traffic that matches a snoop filter is copied after it is decrypted. The decrypted (clear) version
is sent to the observer.
D-Link Systems, Inc.
HW Address
00:30:b6:3e:5c:a8
00:0b:0e:00:04:0c
Appendix A - Troubleshooting
VLAN
Type
1
DYNAMIC
1
LOCAL
State
RESOLVED
RESOLVED
393
Advertisement
Table of Contents
