Wired Intelligent Edge


Capturing Packets - How do you do it?

  • 1.  Capturing Packets - How do you do it?

    Posted Aug 19, 2016 04:27 PM

    I know enough about this to be dangerous, so forgive my ignorance. When using Wireshark on a LAN, I see traffic like DHCP requests, DNS lookups, and whatnot. I'm able to capture traffic from an AP and redirect it to Wireshark, but it seems to be lower level than this. I've read many articles about capturing and I've not exactly found the solution I'm looking for.

     

    When debugging wireless client issues, what is the best way to see things like DHCP requests and DNS lookups via a packet capture?

    Thanks,
    Robert

     



  • 2.  RE: Capturing Packets - How do you do it?

    EMPLOYEE
    Posted Aug 19, 2016 05:44 PM
    You need to look at the decrypted packets. Take a look at this:





    http://community.arubanetworks.com/t5/Community-Matters-Blog/ArubaOS-6-3-New-Packet-Capture-Functionality-in-ArubaOS-6-3/ba-p/113967


  • 3.  RE: Capturing Packets - How do you do it?

    Posted Aug 22, 2016 09:09 PM

    Thanks Tim. I used this today to help identify a DHCP configuration issue on one of our scopes.

     

    What I was hoping to do is use the GUI to grab packets at the AP and direct them via UDP port to Wireshark. Is that not possible because decryption happens at the controller?

     

    Robert

     



  • 4.  RE: Capturing Packets - How do you do it?

    EMPLOYEE
    Posted Aug 23, 2016 04:42 AM

    Robert,

     

    The GUI only allows you to capture encrypted packets. It is effectively a copy of the packets that the AP receives. The article that Tim shared would allow you to collect and view decrypted packets through the controller without having to stream to an external collector, which would add another external device.



  • 5.  RE: Capturing Packets - How do you do it?

    Posted Aug 23, 2016 07:50 AM

    Colin,

    I understand. Filtering and other GUI stuff is nice in Wireshark. What I've done to this point is mirror the egress port of the controller and do capture filters and/or packet filters depending on how much data is received. That adds the uplink switch to the scenario. I guess what my question is, can one redirect via UDP captured unencrypted traffic from the controller to Wireshark? It sounds like there isn't. The CLI solution works and I'll add that to my tool chest.

    Thanks,

    Robert

     



  • 6.  RE: Capturing Packets - How do you do it?

    EMPLOYEE
    Posted Aug 23, 2016 08:19 AM

    You cannot send the packet capture via the GUI unencrypted to Wireshark, but you can do this on the command line:

     

    (Aruba7005-US) #packet-capture destination ip-address <ip address of wireshark host>
    (Aruba7005-US) #packet-capture datapath wifi-client <mac of client> decrypted 

     

     



  • 7.  RE: Capturing Packets - How do you do it?

    Posted Aug 23, 2016 08:43 AM

    That sounds like that will work great. Thanks.