Cisco WAP131 Administration Manual page 61

Wireless-n dual radio access point with poe

Hide thumbs Also See for WAP131:

Quick start manual (13 pages)

Manual (4 pages)

Manual (4 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

page of 186

/ 186
Contents
Table of Contents
Bookmarks

Table of Contents

Administration

Packet Capture

Cisco WAP131 and WAP351 Administration Guide

When you are capturing traffic on the radio interface, you can disable beacon

capture, but other 802.11 control frames are still sent to Wireshark. You can set up

a display filter to show only:

•

Data frames in the trace

•

Traffic on specific Basic Service Set IDs (BSSIDs)

•

Traffic between two clients

Some examples of useful display filters are:

•

Exclude beacons and ACK/RTS/CTS frames:

!(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1)

•

Data frames only:

wlan.fc.type == 2

•

Traffic on a specific BSSID:

wlan.bssid == 00:02:bc:00:17:d0

•

All traffic to and from a specific client:

wlan.addr == 00:00:e8:4e:5f:8e

In remote capture mode, traffic is sent to the computer running Wireshark through

one of the network interfaces. Depending on the location of the Wireshark tool, the

traffic can be sent on an Ethernet interface or one of the radios. To avoid a traffic

flood caused by tracing the packets, the WAP device automatically installs a

capture filter to filter out all packets destined to the Wireshark application. For

example, if the Wireshark IP port is configured to be 58000, then this capture filter

is automatically installed on the WAP device:

not port range 58000-58004

Due to performance and security issues, the packet capture mode is not saved in

NVRAM on the WAP device. If the WAP device resets, the capture mode is

disabled and then you must enable it again to resume capturing traffic. Packet

capture parameters (other than the mode) are saved in NVRAM.

Enabling the packet capture feature can create a security issue: Unauthorized

clients may be able to connect to the WAP device and trace user data. The

performance of the WAP device also is negatively impacted during packet

capture, and this impact continues to a lesser extent even when there is no active

Wireshark session. To minimize the performance impact on the WAP device during

traffic capture, install capture filters to limit which traffic is sent to the Wireshark

Table of Contents

Show Quick Links

Quick Links:
Getting Started with the Configuration
Launching the Web-Based Configuration Utility

Hide quick links:

Table of Contents

This manual is also suitable for:

Wap351

Cisco WAP131 Administration Manual page 61

Hide quick links:

Related Manuals for Cisco WAP131

Related Products for Cisco WAP131

This manual is also suitable for:

Table of Contents