I have tried do some packet capture traffic from AP using wireshark 0.99.7 and 1.4.1 downloaded from the tools in the support area, using the ARUBA udp 5555 port, but I can't get anything, is there any requirement to do it?
Please see the thread here: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-do-we-do-packet-capturing-on-ArubaOS/m-p/1126/highlight/true#M149 for some ideas.
Yes, I have already read it, but following the indications I can't get any packet in wireshark.
I have AOS 188.8.131.52
Does the capture go from AP to PC directly or it goes throught controller?
AP to PC directly on port 5555
If I start wireshark capturing with my own NIC using a filter with source ip = ip of my Campus AP and then I start the AP packet capture, I don't see anything. It is correct?
Please read the document here: http://community.arubanetworks.com/aruba/attachments/aruba/115/160/1/Packet+Capturing+Options+with+Aruba+Wireless+Networks.pdf
May be the problem is with winpcap, I use winpcap 4.1 and I don't know if it is supported with this version.
I use w7, so winpcap 3.1 is not supported with w7, please, could you confirm if wireshark-win32-aruba-1.4.1 only works with winpcap 3.1?
If you are streaming from an access point to a management station, I don't think Winpcap comes into play. The management station just needs to receive traffic from the ip address of the AP on port 5555.
What are you trying to do, exactly?
I know this thread is old - but I found it when recently attempting to do some wireless captures from AP's - and failing. So just in case others notice trouble doing a wireless captuer I'll add what I've found. I've recently consolidated on 6.x code stream and cpsec is enabled. Unfortuneately with cpsec enabled - the capture stream appears to be placed in the encrypted tunnel to the controller. And working with TAC there is no way at this moment to have the controller forward it to the defined wireshark station... or a knob to keep this traffic outside of the cpsec tunnel to the controller.
I know the problem is recognized by Aruba, but we have found a workaround, simply use port UDP 162 both at controller and the wireshark to capture packets.
When selecting the interface to capture packets in wireshark, use UDP port 162 and you'll get the traffic.
Well that works - an unlikely knob to make the traffic flow outside the cpsec tunnel - just disguise it a snmp traps... but I can confrim that it does indead get the job done
Thanks for sharing that work-around!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.