Preparing An Observer And Capturing Traffic - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

Preparing an Observer and Capturing Traffic

To observe monitored traffic, install the following applications on the observer:
• Ethereal or Tethereal Version 0.10.8 or later
• Netcat (any version), if not already installed
Ethereal and Tethereal decode 802.11 packets embedded in TZSP without any configuration.
Use Netcat to listen to UDP packets on the TZSP port. This avoids a constant flow of ICMP destination
unreachable messages from the observer back to the radio.
You can obtain Netcat through the following link:
http://www.vulnwatch.org/netcat/
If the observer is a PC, you can use a Tcl script instead of Netcat if preferred.
1. Install the required software on the observer.
2. Configure and map snoop filters in MSS.
3. Start Netcat:
• On Linux or Unix, use a command such as the following:
nc -l -u -p 37008 ip-addr > /dev/null &
• On Windows, use the following command:
netcat -l -u -p 37008 -v -v
Where ip-addr is the IP address of the Distributed AP to which the snoop filter is mapped.
(To display the Distributed AP's IP address, use the show dap status command.)
4. Start the capture application:
• For Ethereal capture, use ethereal filter port 37008.
• For Tethereal capture, use tethereal -V port 37008.
D-Link DWS-1008 User Manual 8