Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to do a packet capture for a client from Aruba OS

This thread has been viewed 111 times

  • 1.  How to do a packet capture for a client from Aruba OS

    Posted Jan 05, 2017 02:44 PM

    I need to do a packet capture to troubleshoot an iPad connection issue with an application. I know that you can do a packet capture from the controller, but not sure how to set it up for  capturing for a client.



  • 2.  RE: How to do a packet capture for a client from Aruba OS

    Posted Jan 05, 2017 02:56 PM
    Hey John,

    You can run the mac os x wireless diagnostic tool to troubleshoot wireless/network issues in combination with the Controller show datapath session table to see what ports are getting dropped or allowed :

    http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-trace-mac-os-x-wireless-diagnostics/

    More effectively you can use the controllers capabilities to do a packet capture based on the wireless traffic seen by the Aruba Aps:
    https://www.youtube.com/watch?v=Mg1nn3vO4Cw
    https://community.arubanetworks.com/t5/Community-Matters-Blog/ArubaOS-6-3-New-Packet-Capture-Functionality-in-ArubaOS-6-3/ba-p/113967


  • 3.  RE: How to do a packet capture for a client from Aruba OS

    Posted Jan 05, 2017 11:06 PM
    I saw online about hooking up your iPad to a MAC and using Wireshark with the Remote Virtual Interface . We do not have a MAC to use but I will try and go from the Aruba APs. Thanks for the ideas.


    #AirheadsMobile


  • 4.  RE: How to do a packet capture for a client from Aruba OS
    Best Answer

    Posted Jan 09, 2017 09:07 AM

     

     

    presuming your VAP is in tunnel mode, to do a capture from the controller datapath of a single users traffic, look into the following CLI commands:

     

    packet-capture destination ip-address <ip of pc with wireshark running>
packet-capture datapath wifi-client <mac> all  (or decrypted)

    "all" includes the wifi traffic that is probably going to be encrypted - whether you need that depends on whether your problem is more at the mac layer or not. If you just want the IP traffic of a single client, then use "decryped" instead of "all".

     

    The wireshark pc can be anything that is reachable from the controller, make sure it has it's firewall disabled etc. Perhaps validate on a known working user before capturing on a suspect user. The traffic is encapsulated in GRE and will traverse most networks without any drama.

     

    Don't forget to disable it with "no packet-capture datapath wifi-client" when you are finished.

     

     

    hope that helps.

    -dugem



  • 5.  RE: How to do a packet capture for a client from Aruba OS

    Posted May 08, 2018 12:58 PM

    after you do the packet capture from the controller >monitor>Access points page

    where do you go to download it?



  • 6.  RE: How to do a packet capture for a client from Aruba OS

    EMPLOYEE
    Posted May 08, 2018 01:01 PM

    If your packet capture destination is a wireshark terminal, that is where your packet capture should be streamed to.  If your destination is flash, you have to obtain the tar logs tech support from the controller and it is in a folder with the extension .pcap

     



  • 7.  RE: How to do a packet capture for a client from Aruba OS

    Posted May 10, 2018 05:56 AM

    or just "tar logs",

    or   "packet-capture copy-to-flash datapath-pcap", then copy the datapath-pcap.tar.gz from the flash the same way you would logs.tar etc.