How to configure Wireshark to receive packet capture from Instant AP?
09-18-2020 11:17 AM
Wireless packet capture is enabled on a BSSID of an Instant AP, and the captured frames are pushed to a wired PC running a packet capture utility such as Wireshark. It is general practice to use Aruba UDP port 5555 as the destination for the captured traffic.
Feature Notes :
- New versions of Wireshark do not come with ARUBA_ERM port pre-configured
- One can download the Aruba version of Wireshark from the Aruba Support site
- The wired station running the packet capture application does not necessarily need to be in the same subnet. It can be across subnets as long as the IAP has good IP connectivity.
Environment : This article applies to Aruba Instant Access Points and Aruba Mobility Controllers.
Network Topology : Aruba IAP -----> Wired Station running packet capture application.
Configuration Steps :
Configure Wireshark as below to see the captured frames:
1. Download the latest version of Wireshark. If you already have it installed, update it to the latest version.
2. Open Wireshark and then go to Edit ---> Preferences
3. Expand "Protocols" and find "ARUBA_ERM" [ERM stands for Encapsulated Remote Mirroring]
4. Set the value for "ARUBA_ERM UDP Port numbers" to 5555.
(NOTE: This value should be the same as the port number specified in the "pcap start" command on the IAP)
5. Now start the capture and use the filter "wlan"
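If Wireshark shows no frames, the following check (an added example, not part of the original article or an Aruba tool) confirms whether the mirrored datagrams reach the wired station on UDP 5555 and which hosts send them. The function names and the 192.0.2.10 address are assumptions; replace the address with your IAP's IP.

```python
import socket
import time
from collections import defaultdict

ERM_PORT = 5555  # must match the port given in the IAP's "pcap start" command


def open_listener(port=ERM_PORT, bind_addr="0.0.0.0"):
    """Bind a UDP socket on the port the IAP mirrors captured frames to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock


def summarize(sock, duration=5.0, expected_sources=()):
    """Receive for `duration` seconds and return per-source datagram stats."""
    stats = defaultdict(lambda: {"datagrams": 0, "bytes": 0, "expected": False})
    deadline = time.monotonic() + duration
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            data, (src_ip, _src_port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        entry = stats[src_ip]
        entry["datagrams"] += 1
        entry["bytes"] += len(data)
        # Flag senders that are not the AP you started the capture on.
        entry["expected"] = src_ip in expected_sources
    return dict(stats)


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder from the documentation address range.
    with open_listener() as s:
        result = summarize(s, duration=10.0, expected_sources={"192.0.2.10"})
    if not result:
        print(f"No datagrams on UDP {ERM_PORT}: check the 'pcap start' port, "
              "routing between subnets and the host firewall")
    for ip, st in result.items():
        tag = "expected IAP" if st["expected"] else "UNEXPECTED source"
        print(f"{ip}: {st['datagrams']} datagrams, {st['bytes']} bytes ({tag})")
```

The script can run while Wireshark is capturing, because Wireshark reads from the interface and does not bind the port.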