D-Link DWL-3600AP Administrator's Manual page 126

Unified wired & wireless access system

Hide thumbs Also See for DWL-3600AP:

Quick installation manual (9 pages)

Specifications (4 pages)

User manual (754 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

page of 183

/ 183
Contents
Table of Contents
Bookmarks

Table of Contents

Unified Access Point Administrator's Guide

To configure Wireshark to use the AP as the source for captured packets, you must specify the remote interface

in the "Capture Options" menu. For example to capture packets on an AP with IP address 192.168.1.10 on radio

1 using the default IP port, specify the following interface:

rpcap://192.168.1.10/radio1

To capture packets on the Ethernet interface of the AP and VAP0 on radio 1 using IP port 58000, start two

Wireshark sessions and specify the following interfaces:

rpcap://192.168.1.10:58000/eth0

rpcap://192.168.1.10:58000/wlan0

When you are capturing traffic on the radio interface, you can disable beacon capture, but other 802.11 control

frames are still sent to Wireshark. You can set up a display filter to show only:

• Data frames in the trace

• Traffic on specific BSSIDs

• Traffic between two clients

Some examples of useful display filters are:

• Exclude beacons and ACK/RTS/CTS frames:

!(wlan.fc.type_subtype == 8 || wlan.fc.type == 1)

• Data frames only:

wlan.fc.type == 2

• Traffic on a specific BSSID:

wlan.bssid == 00:02:bc:00:17:d0

• All traffic to and from a specific client:

wlan.addr == 00:00:e8:4e:5f:8e

In remote capture mode, traffic is sent to the PC running Wireshark via one of the network interfaces.

Depending on where the Wireshark tool is located the traffic can be sent on an Ethernet interface or one of the

radios. In order to avoid a traffic flood caused by tracing the trace packets, the AP automatically installs a

capture filter to filter out all packets destined to the Wireshark application. For example if the Wireshark IP port

is configured to be 58000 then the following capture filter is automatically installed on the AP:

not portrange 58000‐58004.

Enabling the packet capture feature impacts performance of the AP and can create a security issue

(unauthorized clients may be able to connect to the AP and trace user data). The AP performance is negatively

impacted even if there is no active Wireshark session with the AP. The performance is negatively impacted to

a greater extent when packet capture is in progress.

Due to performance and security issues, the packet capture mode is not saved in NVRAM on the AP; if the AP

resets, the capture mode is disabled and the you must re‐enable it in order to resume capturing traffic. Packet

capture parameters (other than mode) are saved in NVRAM.

D-Link

November 2011

Packet Capture Configuration and Settings

Unified Access Point Administrator's Guide

Page 126

Table of Contents

This manual is also suitable for:

Dwl-6600ap Dwl-8600ap

D-Link DWL-3600AP Administrator's Manual page 126

Related Manuals for D-Link DWL-3600AP

Related Products for D-Link DWL-3600AP

This manual is also suitable for:

Table of Contents