Reset Search
 

 

Article

How to use Real Capture to capture wireless and wired traces from an ExtremeWireless Access Point

« Go Back

Information

 
TitleHow to use Real Capture to capture wireless and wired traces from an ExtremeWireless Access Point
Objective
How to use Real Capture to capture wireless and wired traces from an ExtremeWireless Access Point.
Environment
  • ExtremeWireless
  • IdentiFi
  • AP-36xx
  • AP-37xx
  • AP-38xx
  • AP-39xx
  • Firmware Revisions 8.01 or higher.
  • Real Capture
  • Sniffer
  • Trace Collection
Procedure
Required equipment(s)/software:
  • Access Point
  • WireShark
Step-1: Configure the target access point by following the steps below:  
  1. Identify the target Access Point (AP) in the Controller GUI interface
  2. Note that access point's IP from it's Static Configuration (This information will be needed when configuring The Wireshark application)
  3. Go to the Advanced under AP Properties of the AP
  4. Set preferred duration of traffic capture (default is 300 seconds)
  5. Click Start 
Step-2: Configure The Wireshark Network Analyzer application ("Wireshark") to start capture from the remote host (i.e.: Access Point)
  1. Make sure the AP is reachable from the PC running Wireshark.
  2. Open WireSharkand click on Capture and then Options
  3. Click on Manage Interfaces button (located in the lower right corner of the main window)
  4. The Manage Interfaces window will open.
  5. Click on Remote Interfaces tab, then click "Add" ("+" button in lower left corner)
  6. Type the IP address of the target AP in the "Host:" box
  7. Leave the "Port:" box blank 
  8. Keep the default "Null authentication" radio button selected.
  9. Select the interface(s) you want to capture packets
Note: If you want to capture the wired port, make sure eth0 is checked off (selected). 
If you want to capture the radio (air) that the test client is on, check off wifi0 for Radio 1, or wifi1 for Radio 2. 
To determine what radio the test client is on, please view and locate the test client in one of the reports on the wireless controller such as "Clients by VNS".
  1. Start the packet capture
  2. Begin the test packet transmission on the suspect device
  3. End the packet capture upon completion of transmission and save the trace for further analysis.
Additional notes
The capture on wifi0 and wifi1 will not include internally generated hardware packets by the capturing AP. The capturing AP will not report its own Beacons, Re-transmission, Acks and 11n Block Ack. If this information is needed, then the real capture should be done from a close-by second AP. Change that second AP's wireless channel to match the AP that is being troubleshot. Let it broadcast an SSID so the radios switch on but do not broadcast the same SSID you are troubleshooting so that clients do not connect to your second capturing AP.

Related Hub Thread: https://community.extremenetworks.com/extreme/topics/ap3825-in-sniffer-mode
If a Macbook or Macbook Air is handy, you can take promiscuous WiFi captures with an application called Airtool.
How to capture wireless traces from a Macbook or MacAir

 
In order to capture NULL and QOS_NULL packets with WireShark, do not set any Capture Filters and also disable "Do not capture own RPCAP traffic" in Remote Settings. 
In v1.12.3 or above this option should be used on wireless captures every time you take a trace. 
It is found by going to Capture --> Option --> Double Click Interface Row --> Remote Settings.

 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255