Cisco WAP150 Manual page 130

Wireless-ac/n dual radio access point with poe

Hide thumbs Also See for WAP150:

Quick start manual (13 pages)

Manual (4 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

page of 136

/ 136
Contents
Table of Contents
Bookmarks

Table of Contents

Wireshark

The system uses four consecutive port numbers, starting with the configured port for the remote packet capture

Note

sessions. Verify that you have four consecutive port numbers available. We recommend that if you do not use

the default port; use a port number greater than 1024.

When you are capturing traffic on the radio interface, you can disable beacon capture, but other 802.11 control

frames are still sent to Wireshark. You can set up a display filter to show only:

• Data frames in the trace.

• Traffic on specific Basic Service Set IDs (BSSIDs).

• Traffic between two clients.

Some examples of useful display filters are:

• Exclude beacons and ACK/RTS/CTS frames:

!(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1)

• Data frames only:

wlan.fc.type == 2

• Traffic on a specific BSSID:

wlan.bssid == 00:02:bc:00:17:d0

• All traffic to and from a specific client:

wlan.addr == 00:00:e8:4e:5f:8e

In remote capture mode, traffic is sent to the computer running Wireshark through one of the network interfaces. Depending

on the location of the Wireshark tool, the traffic can be sent on an Ethernet interface or one of the radios. To avoid a

traffic flood caused by tracing the packets, the WAP device automatically installs a capture filter to filter out all packets

destined to the Wireshark application. For example, if the Wireshark IP port is configured to be 58000, then this capture

filter is automatically installed on the WAP device:

not port range 58000-58004

Due to performance and security issues, the packet capture mode is not saved in NVRAM on the WAP device. If the

WAP device resets, the capture mode is disabled and then you must enable it again to resume capturing traffic. Packet

capture parameters (other than the mode) are saved in NVRAM.

Enabling the packet capture feature can create a security issue: Unauthorized clients may be able to connect to the WAP

device and trace user data. The performance of the WAP device also is negatively impacted during packet capture, and

this impact continues to a lesser extent even when there is no active Wireshark session. To minimize the performance

impact on the WAP device during traffic capture, install capture filters to limit which traffic is sent to the Wireshark tool.

When capturing 802.11 traffic, a large portion of the captured frames tend to be beacons (typically sent every 100 ms by

all access points). Although Wireshark supports a display filter for beacon frames, it does not support a capture filter to

prevent the WAP device from forwarding the captured beacon packets to the Wireshark tool. To reduce the performance

impact of capturing the 802.11 beacons, disable the capture beacons mode.

Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE / Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE

120

Troubleshoot

Table of Contents

This manual is also suitable for:

Wap361

Cisco WAP150 Manual page 130

Related Manuals for Cisco WAP150

Related Products for Cisco WAP150

This manual is also suitable for:

Table of Contents