Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AP packet capture with wireshark

This thread has been viewed 48 times

  • 1.  AP packet capture with wireshark

    Posted May 16, 2012 07:21 AM

    I have tried do some packet capture traffic from AP using wireshark 0.99.7 and 1.4.1 downloaded from the tools in the support area, using the ARUBA udp 5555 port, but I can't get anything, is there any requirement to do it?



  • 2.  RE: AP packet capture with wireshark

    EMPLOYEE
    Posted May 16, 2012 08:16 AM

    Please see the thread here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-do-we-do-packet-capturing-on-ArubaOS/m-p/1126/highlight/true#M149 for some ideas.

     

     



  • 3.  RE: AP packet capture with wireshark

    Posted May 16, 2012 08:25 AM

    Yes, I have already read it, but following the indications I can't get any packet in wireshark.

    I have AOS 5.0.3.0



  • 4.  RE: AP packet capture with wireshark

    Posted May 16, 2012 08:32 AM

    Does the capture go from AP to PC directly or it goes throught controller?



  • 5.  RE: AP packet capture with wireshark

    EMPLOYEE
    Posted May 16, 2012 08:35 AM

    AP to PC directly on port 5555



  • 6.  RE: AP packet capture with wireshark

    Posted May 16, 2012 08:42 AM

    If I start wireshark capturing with my own NIC using a filter with source ip = ip of my Campus AP and then I start the AP packet capture, I don't see anything. It is correct?



  • 7.  RE: AP packet capture with wireshark

    EMPLOYEE


  • 8.  RE: AP packet capture with wireshark

    Posted May 16, 2012 09:09 AM

    May be the problem is with winpcap, I use winpcap 4.1 and I don't know if it is supported with this version.

    I use w7, so winpcap 3.1 is not supported with w7, please, could you confirm if wireshark-win32-aruba-1.4.1 only works with winpcap 3.1?



  • 9.  RE: AP packet capture with wireshark

    EMPLOYEE
    Posted May 16, 2012 09:11 AM

    If you are streaming from an access point to a management station, I don't think Winpcap comes into play.  The management station just needs to receive traffic from the ip address of the AP on port 5555.

     

    What are you trying to do, exactly?

     



  • 10.  RE: AP packet capture with wireshark

    Posted May 16, 2012 09:36 AM
    As first test only streaming from ap to pc, but I can't see any traffic


  • 11.  RE: AP packet capture with wireshark

    Posted May 16, 2012 09:37 AM
    Do I need some ap-acl entru?


  • 12.  RE: AP packet capture with wireshark

    Posted Nov 07, 2012 04:13 PM

    I know this thread is old - but I found it when recently attempting to do some wireless captures from AP's - and failing.    So just in case others notice trouble doing a wireless captuer I'll add what I've found.   I've recently consolidated on 6.x code stream and  cpsec is enabled.    Unfortuneately with cpsec enabled - the capture stream appears to be placed in the encrypted tunnel to the controller.   And working with TAC there is no way at this moment to have the controller forward it to the defined wireshark station... or a knob to keep this traffic outside of the cpsec tunnel to the controller.

     

     

    Travis

     



  • 13.  RE: AP packet capture with wireshark

    Posted Nov 08, 2012 04:05 AM

    Hello,

    I know the problem is recognized by Aruba, but we have found a workaround, simply use port UDP 162 both at controller and the wireshark to capture packets.

    When selecting the interface to capture packets in wireshark, use UDP port 162 and you'll get the traffic.

     



  • 14.  RE: AP packet capture with wireshark

    Posted Nov 13, 2012 05:26 PM

    Well that works - an unlikely knob to make the traffic flow outside the cpsec tunnel - just disguise it a snmp traps... but I can confrim that it does indead get the job done

     

    Thanks for sharing that work-around!