Wireless Access

Reply
Regular Contributor II

How to do a packet capture for a client from Aruba OS

I need to do a packet capture to troubleshoot an iPad connection issue with an application. I know that you can do a packet capture from the controller, but not sure how to set it up for  capturing for a client.

Re: How to do a packet capture for a client from Aruba OS

Hey John,

You can run the mac os x wireless diagnostic tool to troubleshoot wireless/network issues in combination with the Controller show datapath session table to see what ports are getting dropped or allowed :

http://osxdaily.com/2015/04/23/sniff-packet-capture-packet-trace-mac-os-x-wireless-diagnostics/

More effectively you can use the controllers capabilities to do a packet capture based on the wireless traffic seen by the Aruba Aps:
https://www.youtube.com/watch?v=Mg1nn3vO4Cw
https://community.arubanetworks.com/t5/Community-Matters-Blog/ArubaOS-6-3-New-Packet-Capture-Functionality-in-ArubaOS-6-3/ba-p/113967
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor II

Re: How to do a packet capture for a client from Aruba OS

I saw online about hooking up your iPad to a MAC and using Wireshark with the Remote Virtual Interface . We do not have a MAC to use but I will try and go from the Aruba APs. Thanks for the ideas.


#AirheadsMobile

Re: How to do a packet capture for a client from Aruba OS

 

 

presuming your VAP is in tunnel mode, to do a capture from the controller datapath of a single users traffic, look into the following CLI commands:

 

packet-capture destination ip-address <ip of pc with wireshark running>
packet-capture datapath wifi-client <mac> all  (or decrypted)

"all" includes the wifi traffic that is probably going to be encrypted - whether you need that depends on whether your problem is more at the mac layer or not. If you just want the IP traffic of a single client, then use "decryped" instead of "all".

 

The wireshark pc can be anything that is reachable from the controller, make sure it has it's firewall disabled etc. Perhaps validate on a known working user before capturing on a suspect user. The traffic is encapsulated in GRE and will traverse most networks without any drama.

 

Don't forget to disable it with "no packet-capture datapath wifi-client" when you are finished.

 

 

hope that helps.

-dugem

Aruba Employee

Re: How to do a packet capture for a client from Aruba OS

after you do the packet capture from the controller >monitor>Access points page

where do you go to download it?

Guru Elite

Re: How to do a packet capture for a client from Aruba OS

If your packet capture destination is a wireshark terminal, that is where your packet capture should be streamed to.  If your destination is flash, you have to obtain the tar logs tech support from the controller and it is in a folder with the extension .pcap

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: How to do a packet capture for a client from Aruba OS

or just "tar logs",

or   "packet-capture copy-to-flash datapath-pcap", then copy the datapath-pcap.tar.gz from the flash the same way you would logs.tar etc.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: