Regular Contributor II
Posts: 219
Registered: ‎10-09-2009

How to do a packet capture for a client from Aruba OS

I need to do a packet capture to troubleshoot an iPad connection issue with an application. I know that you can do a packet capture from the controller, but not sure how to set it up for capturing for a client.

MVP
Posts: 4,238
Registered: ‎07-20-2011

Re: How to do a packet capture for a client from Aruba OS

Hey John,

You can run the Mac OS X wireless diagnostic tool to troubleshoot wireless/network issues in combination with the controller's show datapath session table to see what ports are getting dropped or allowed:

http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-trace-mac-os-x-wireless-diagnostics/

More effectively, you can use the controller's capabilities to do a packet capture based on the wireless traffic seen by the Aruba APs:
https://www.youtube.com/watch?v=Mg1nn3vO4Cw
https://community.arubanetworks.com/t5/Community-Matters-Blog/ArubaOS-6-3-New-Packet-Capture-Functionality-in-ArubaOS-6-3/ba-p/113967
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor II
Posts: 219
Registered: ‎10-09-2009

Re: How to do a packet capture for a client from Aruba OS

I saw online about hooking up your iPad to a Mac and using Wireshark with the Remote Virtual Interface. We do not have a Mac to use but I will try and go from the Aruba APs. Thanks for the ideas.


#AirheadsMobile
New Contributor
Posts: 3
Registered: ‎06-01-2016

Re: How to do a packet capture for a client from Aruba OS

 

 

Presuming your VAP is in tunnel mode, to do a capture from the controller datapath of a single user's traffic, look into the following CLI commands:

 

packet-capture destination ip-address <ip of pc with wireshark running>
packet-capture datapath wifi-client <mac> all  (or decrypted)

"all" includes the Wi-Fi traffic that is probably going to be encrypted - whether you need that depends on whether your problem is more at the MAC layer or not. If you just want the IP traffic of a single client, then use "decrypted" instead of "all".

 

The Wireshark PC can be anything that is reachable from the controller; make sure it has its firewall disabled etc. Perhaps validate on a known working user before capturing on a suspect user. The traffic is encapsulated in GRE and will traverse most networks without any drama.

 

Don't forget to disable it with "no packet-capture datapath wifi-client" when you are finished.

 

 

Hope that helps.

-dugem
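
Added example, not part of the post above and not Aruba code: a Python script for the capture PC that checks raw IPv4 packets for a GRE header coming from the controller's address, as a way to confirm the mirrored traffic is arriving. It assumes the standard GRE header layout from RFC 2784/2890; the addresses, GRE key, protocol type and payload in the sample are constructed and do not describe what ArubaOS actually sends.

```python
import struct

GRE_IP_PROTO = 47  # IANA IP protocol number for GRE

def parse_gre(ip_packet: bytes) -> dict:
    """Parse one raw IPv4 packet carrying a GRE header (RFC 2784 / RFC 2890)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(ip_packet) < ihl + 4:
        raise ValueError("truncated packet")
    if ip_packet[9] != GRE_IP_PROTO:
        raise ValueError("IP protocol is not GRE")
    flags, proto_type = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    result = {"src": ".".join(map(str, ip_packet[12:16])),
              "protocol_type": proto_type}
    offset = ihl + 4
    # Optional 4-byte words follow in this order when their flag bit is set.
    for bit, name in ((0x8000, "checksum"), (0x2000, "key"), (0x1000, "sequence")):
        if flags & bit:
            if len(ip_packet) < offset + 4:
                raise ValueError("truncated GRE header")
            word = struct.unpack("!I", ip_packet[offset:offset + 4])[0]
            result[name] = word >> 16 if name == "checksum" else word
            offset += 4
    result["payload"] = ip_packet[offset:]
    return result

def gre_from(packets, controller_ip):
    """Return parsed GRE packets whose outer source address is the controller."""
    found = []
    for pkt in packets:
        try:
            parsed = parse_gre(pkt)
        except ValueError:
            continue  # not GRE, or malformed: skip it
        if parsed["src"] == controller_ip:
            found.append(parsed)
    return found

def sample_packet(proto=GRE_IP_PROTO):
    """Constructed sample: IPv4 header + GRE header with a key + 14 filler bytes."""
    gre = struct.pack("!HHI", 0x2000, 0x0800, 0x1234) + b"\xaa" * 14
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 50]))
    return ip + gre

if __name__ == "__main__":
    for p in gre_from([sample_packet(), sample_packet(proto=17)], "192.0.2.10"):
        print(p["src"], hex(p["protocol_type"]), len(p["payload"]))
```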
