I'm looking to capture the unencrypted traffic from a client. I can't use a SPAN at the moment, so it looks like the packet-capture command is my only option. I've used this command in the past for tiny packet captures and it worked just fine. However, I need to perform a packet capture that will last a few minutes and I'm not sure how big it will end up being. I'm left with the following questions:
1) When using the destination local-filesystem syntax, what happens if the packet capture fills gets too large and fills up flash? Do I run the risk of causing issues for connected APs and clients?
2) If I want to avoid filling up flash and use the destination ip-address syntax instead, how does this work? Does this work the same as ap packet-capture and the Wireshark Aruba decode must be used? I tried using OmniPeek and the Aruba Adapter but never saw traffic.