
Packet Capture

You can capture wireless packets from remote access points to diagnose and troubleshoot network issues.

Go to My Products > Wireless > Diagnostics > Packet Capture and set up packet capture for your access points.

For more information on diagnosing and troubleshooting issues, see Frequently asked questions.

An AP or APX series access point acts as a distributed sniffer and captures packets on the configured channel and configured channel width from remote access points. If you've configured Autochannel, the access points will capture packets on the channel picked by Autochannel. See Access Point Details.

The access point can't capture its own transmitted packets. It can only capture received (rx) packets.

AP6 series access points capture received packets on the wired LAN ports. You must log in to the access point UI to use the WLAN packet capture on AP6 series access points. See Packet capture.

Packet capture for AP and APX series access points

Access points: AP15C, AP100, APX

  • Band: 2.4 GHz, SSID: Not configured. All packets received by the access point in the channel are captured.
  • Band: 2.4 GHz, SSID: Configured. Packets intended for the access point and broadcasts are captured.
  • Band: 5 GHz, SSID: Not configured. All packets received by the access point in the channel are captured.
  • Band: 5 GHz, SSID: Configured. All packets received by the access point in the channel are captured.

The access point uses TaZmen Sniffer Protocol (TZSP) as an encapsulation protocol that runs over UDP. The access point encapsulates the wireless packets with TZSP and sends the archive to the configured server (running Wireshark) on UDP port 37008.

If the UDP port 37008 isn't open, an ICMP packet with the error "destination port unreachable" is generated for every packet sent by the access point.

You can use a filter in your capture tool, such as Wireshark, to see only wireless packets. For example, you can use wlan or tzsp && !(icmp) as a filter.
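To show what arrives on UDP port 37008, here is an added example (not from this documentation or the vendor) that parses one TZSP datagram into its header, tagged fields and the encapsulated frame. The function names and the sample datagram are constructed for illustration; the field layout and tag numbers follow the published TZSP description.

```python
import struct

TZSP_PORT = 37008                      # UDP port the access point sends to
PROTOS = {0x01: "Ethernet", 0x12: "IEEE 802.11", 0x77: "Prism", 0x7F: "AVS"}
TAG_PADDING, TAG_END = 0x00, 0x01      # the only tags without a length byte
TAG_NAMES = {0x0A: "rssi", 0x0C: "data_rate", 0x12: "rx_channel"}

def parse_tzsp(datagram: bytes) -> dict:
    """Split one TZSP datagram into header fields, tags and the inner frame."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, ptype, proto = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unexpected TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated by TAG_END")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("tag is missing its length byte")
        length = datagram[pos]
        value = datagram[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("tag value runs past the end of the datagram")
        tags[TAG_NAMES.get(tag, f"tag_0x{tag:02x}")] = value
        pos += 1 + length
    # Everything after TAG_END is the captured frame itself.
    return {"type": ptype, "proto": PROTOS.get(proto, hex(proto)),
            "tags": tags, "frame": datagram[pos:]}

# Constructed sample: TZSP v1, type 0 (received tag list), inner protocol
# 802.11, RSSI tag (0xC4 = -60 as a signed byte), channel tag (6), TAG_END,
# then 10 bytes standing in for the start of an 802.11 frame.
SAMPLE_FRAME = bytes.fromhex("80000000ffffffffffff")
SAMPLE = bytes.fromhex("01000012" "0a01c4" "120106" "01") + SAMPLE_FRAME

def demo() -> dict:
    return parse_tzsp(SAMPLE)

if __name__ == "__main__":
    print(demo())
```

On a live collector, the bytes returned by `recvfrom()` on a UDP socket bound to `TZSP_PORT` can be passed to `parse_tzsp()` unchanged.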

You can search access points either by name or serial number. You can also filter access points by site.

Configuration Prerequisites

Before you start, you need to check the following:

  • Make sure the IP address configured for the packet capture is reachable.
  • Install Wireshark on the server or PC.
  • The server might have multiple interfaces. You must run Wireshark on the interface that has the configured IP address.
  • To check only the wireless traffic sent by an access point, apply the filter wlan or tzsp && !(icmp).
  • You can save packets on the server using Save in Wireshark.

Configuration

Use the configured server IP address and port number to capture network packets. You need to set the following options:

  • Status: You can capture packets only when the access point status is green.

    Status               Description
    Green filled circle  Access point is online.
    Gray filled circle   Access point is offline.
  • Access Point Name: Access point hostname.

  • Serial Number: Serial number of the access point.
  • Client MAC: (Optional) The access point captures packets from this MAC address. AP and APX series only.
  • Server IP: Access point sends packets to this server on UDP port 37008. AP and APX series only.

    Note

    You must run a packet capture tool, such as Wireshark, on the server to see the packets. We recommend using a server in the same subnet as the access point. If the server is in a different subnet or the cloud, you must allow the UDP port in the firewall.

  • Duration (sec): Time interval for the packet capture.

  • Action: Start or stop the packet capture.
  • Download: Download the packet capture from the access point. AP6 series only.
  • Status: Status of the packet capture.

    Status                Description
    Started               Packet capture has started.
    Completed             Packet capture is complete.
    Not Supported         The firmware on the access point doesn’t support packet capture.
    Server not reachable  Access point is unable to reach the IP address.