Campus Switching and Routing

Frequent Contributor I
Posts: 79
Registered: ‎05-15-2012

Capturing Packets - How do you do it?

I know enough about this to be dangerous, so forgive my ignorance. When using Wireshark on a LAN, I see traffic like DHCP requests, DNS lookups, and whatnot. I'm able to capture traffic from an AP and redirect it to Wireshark, but it seems to be lower level than this. I've read many articles about capturing and I've not exactly found the solution I'm looking for.

 

When debugging wireless client issues, what is the best way to see things like DHCP requests and DNS lookups via a packet capture?

Thanks,
Robert

 

Guru Elite
Posts: 8,446
Registered: ‎09-08-2010

Re: Capturing Packets - How do you do it?

You need to look at the decrypted packets. Take a look at this:





http://community.arubanetworks.com/t5/Community-Matters-Blog/ArubaOS-6-3-New-Packet-Capture-Functionality-in-ArubaOS-6-3/ba-p/113967

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 79
Registered: ‎05-15-2012

Re: Capturing Packets - How do you do it?

Thanks Tim. I used this today to help identify a DHCP configuration issue on one of our scopes.

 

What I was hoping to do is use the GUI to grab packets at the AP and direct them via a UDP port to Wireshark. Is that not possible because decryption happens at the controller?

 

Robert

 

Guru Elite
Posts: 20,961
Registered: ‎03-29-2007

Re: Capturing Packets - How do you do it?

Robert,

 

The GUI only allows you to capture encrypted packets. It is effectively a copy of the packets that the AP receives. The article that Tim shared would allow you to collect and view decrypted packets through the controller without having to stream to an external collector, which would add another external device.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 79
Registered: ‎05-15-2012

Re: Capturing Packets - How do you do it?

Colin,

I understand. Filtering and other GUI stuff is nice in Wireshark. What I've done to this point is mirror the egress port of the controller and do capture filters and/or packet filters depending on how much data is received. That adds the uplink switch to the scenario. I guess what my question is, can one redirect via UDP captured unencrypted traffic from the controller to Wireshark? It sounds like there isn't. The CLI solution works and I'll add that to my toolchest.

Thanks,

Robert

 

Guru Elite
Posts: 20,961
Registered: ‎03-29-2007

Re: Capturing Packets - How do you do it?

You cannot send the packet capture via the GUI unencrypted to Wireshark, but you can do this on the command line:

 

(Aruba7005-US) #packet-capture destination ip-address <ip address of wireshark host>
(Aruba7005-US) #packet-capture datapath wifi-client <mac of client> decrypted 

 

 



Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 79
Registered: ‎05-15-2012

Re: Capturing Packets - How do you do it?

That sounds like that will work great. Thanks.
