Wireless Access

I'm looking to capture the unencrypted traffic from a client.  I can't use a SPAN at the moment, so it looks like the packet-capture command is my only option.  I've used this command in the past for tiny packet captures and it worked just fine.  However, I need to perform a packet capture that will last a few minutes and I'm not sure how big it will end up being.  I'm left with the following questions:

1) When using the destination local-filesystem syntax, what happens if the packet capture fills gets too large and fills up flash?  Do I run the risk of causing issues for connected APs and clients?

2) If I want to avoid filling up flash and use the destination ip-address syntax instead, how does this work?   Does this work the same as ap packet-capture and the Wireshark Aruba decode must be used?  I tried using OmniPeek and the Aruba Adapter but never saw traffic.

I started looking at doing the same thing, but haven't had time to actually do it.  Maybe some of the things I've bookmarked might be helpful:

This youtube video is from Feb 2014, so it might be the most helpful:

http://www.youtube.com/watch?v=Mg1nn3vO4Cw

The rest of these are a little older:

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-do-we-do-packet-capturing-on-ArubaOS/td-p/1126

http://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/270/1/Packet%20Capture%20with%20Aruba%20Controller.pdf

http://community.arubanetworks.com/aruba/attachments/aruba/115/160/1/Packet+Capturing+Options+with+Aruba+Wireless+Networks.pdf%29,

Thanks for the info.  After testing with with the ERM filter on I wasn't seeing the unencrypted client traffic.  I tried again with no filters and started seeing the unencrypted user traffic.  The unencrypted traffic is sent via GRE which explains why the ERM filter wasn't catching the packets.